CybrWolf

Menu

SUDO LPE Vulnerabilities: CVE-2025-32462 and CVE-2025-32463

SUDO Vulnerabilities: CVE-2025-32462 & CVE-2025-32463

Two privilege escalation vulnerabilities have been discovered in the Sudo utility, tracked as CVE-2025-32462 and CVE-2025-32463. If exploited, these flaws could allow local users to gain root-level access on Linux and macOS systems.

The issues were reported by Rich Mirch of Stratascale Cyber Research Unit, and users are strongly advised to update Sudo to the latest patched version.

What is Sudo?

Sudo is a core utility in Unix-like operating systems, including Linux and macOS. It allows regular users to execute commands with elevated (root/administrator) privileges, without requiring a separate root login. Access is managed through the sudoers configuration file.

Vulnerability Details of CVE-2025-32462 & CVE-2025-32463

CVE-2025-32462 (Low Severity)

  • Issue: Present in Sudo’s -h / --host option for over 12 years.
  • Risk: The option was only intended for checking privileges on another host, but it can be abused when running commands or editing files.
  • Affected Versions:
    • Stable: v1.9.0 – 1.9.17
    • Legacy: v1.8.8 – 1.8.32

CVE-2025-32463 (Critical Severity)

  • Issue: Found in the Sudo chroot option introduced in v1.9.14.
  • Risk: Local users can trick Sudo into loading an arbitrary shared library by creating a fake /etc/nsswitch.conf file under a user-controlled root directory, leading to full root compromise.
  • Affected Versions: v1.9.14 – 1.9.17 (legacy versions not impacted).

Affected Platforms

Linux distributions: Ubuntu, Debian, Fedora, SUSE

macOS: Including Sequoia

Exploitation Impact

  • CVE-2025-32462: Easier to exploit in certain configurations, allowing users to bypass restrictions.
  • CVE-2025-32463: More severe — enables attackers to load malicious libraries and gain complete root access.

If successful, attackers gain full system control, with potential to modify files, disable security measures, or install persistent backdoors.

MITRE ATT&CK Mapping

  • TA0004 – Privilege Escalation: Exploiting vulnerabilities to gain root.
  • T1068 – Exploitation for Privilege Escalation: Leveraging the Sudo flaws directly.

Mitigation Steps

  • Update Sudo to v1.9.17p1 (patched release).
  • Regularly monitor and patch critical system utilities like Sudo.
  • Limit shell access for non-admin users to reduce local exploitation opportunities.

References & Attribution

MITRE CVE Program â€“ Source of CVE metadata and classification
© 1999–2025 The MITRE Corporation. Licensed under the MITRE CVE Terms of Use.
https://www.cve.org/Legal/TermsOfUse

https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host

Subscribe to CybrWolf and stay ahead of threats.