Critical Sudo Bug CVE-2025-32463 Lets Users Gain Root Access on Linux

Two newly discovered vulnerabilities in the Sudo utility have put millions of Linux and Unix systems at risk. These flaws allow local users, who normally have no special privileges, to gain root-level access to the system. Since Sudo is used by almost all major Linux distributions, this discovery has triggered serious security concerns.

The most serious of the two flaws is tracked as CVE-2025-32463, and it has been given a CVSS score of 9.3, which marks it as critical. This vulnerability involves how Sudo handles the –chroot or -R option. If a local attacker has write access to a directory and can place a specially crafted nsswitch.conf file inside it, they could trick Sudo into loading a malicious shared library and execute arbitrary code with root privileges. What makes this more dangerous is that it can happen even without specific rules in the sudoers configuration.

The second vulnerability, CVE-2025-32462, is less severe with a CVSS score of 2.8, but still concerning. It has been present in the Sudo code for more than 12 years. This flaw affects how the –host or -h option works. If an attacker knows how, they can bypass host-specific restrictions in the sudoers file by making Sudo believe it’s being run on a different host. While this doesn’t directly grant root access, it could allow users to break policy rules that are meant to limit their access.

Both vulnerabilities were discovered and reported by Rich Mirch, a security researcher at Stratascale, and Todd Miller, the longtime Sudo maintainer. They issued coordinated disclosures and patches shortly after confirming the bugs.

What makes this a big deal is that Sudo is installed by default on almost all major Linux distributions, Ubuntu, Debian, Fedora, Red Hat, SUSE, and more. Since these bugs don’t rely on any special system configuration, even default setups are affected. Any regular user with access to a Linux terminal could potentially use these vulnerabilities to gain complete control over a machine.

The good news is that both vulnerabilities have been patched in Sudo version 1.9.17p1, which was released in early June 2025. Most major Linux distributions have already released updated packages, and system administrators are strongly advised to update their systems immediately.

If your system is running an older version of Sudo, you are highly encouraged to upgrade right away. There are no known workarounds or temporary fixes that can fully prevent exploitation. Updating is the only way to ensure your system is safe.

These vulnerabilities highlight how even trusted, long-standing system tools like Sudo can contain hidden bugs that go unnoticed for years. While Sudo is designed to control and limit privilege escalation, these flaws effectively undo that protection, putting critical systems and data at risk.

In enterprise environments, where servers may host sensitive applications or user data, the risk is even more serious. A local attacker gaining root access could lead to system compromise, data theft, or the deployment of malware or ransomware.

System administrators should not delay in applying the update. It’s also a good time to review your sudoers policies and check for unnecessary permissions or access rules that could expose your environment to insider threats.

In summary, these two Sudo vulnerabilities, CVE-2025-32463 and CVE-2025-32462, are clear reminders that local privilege escalation remains a serious attack vector. Patching now can prevent a small bug from turning into a big breach.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news