⚠️ CISA Known Exploited Vulnerability
Active Threat: This vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.
CVE-2025-32463
Severity: Critical | CISA KEV
Vulnerability Description
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Known Affected Software
16 configuration(s) from 6 vendor(s)
cpe:2.3:o:canonical:ubuntu_linux:25.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.9.14:-:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.9.17:-:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.9.15:-:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.9.16:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp5:*:*:*:*:*:*
References & Resources
- https://access.redhat.com/security/cve/cve-2025-32463 (cve@mitre.org) Third Party Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463 (cve@mitre.org) Issue Tracking, Third Party Advisory
- https://explore.alas.aws.amazon.com/CVE-2025-32463.html (cve@mitre.org) Third Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2025-32463 (cve@mitre.org) Third Party Advisory
- https://ubuntu.com/security/notices/USN-7604-1 (cve@mitre.org) Third Party Advisory
- https://www.openwall.com/lists/oss-security/2025/06/30/3 (cve@mitre.org) Third Party Advisory
- https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/ (cve@mitre.org) Exploit, Third Party Advisory
- https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot (cve@mitre.org) Exploit, Third Party Advisory
- https://www.sudo.ws/releases/changelog/ (cve@mitre.org) Release Notes
- https://www.sudo.ws/security/advisories/ (cve@mitre.org) Vendor Advisory
- https://www.sudo.ws/security/advisories/chroot_bug/ (cve@mitre.org) Vendor Advisory
- https://www.suse.com/security/cve/CVE-2025-32463.html (cve@mitre.org) Third Party Advisory
- https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/ (cve@mitre.org) Third Party Advisory
- https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability (cve@mitre.org) Third Party Advisory
- https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability (cve@mitre.org) Mitigation, Third Party Advisory
- https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/ (134c704f-9b21-4f2e-91b3-4a467353bcc0) Third Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463 (134c704f-9b21-4f2e-91b3-4a467353bcc0) US Government Resource
Severity Details
CISA KEV Status
Listed in CISA's Known Exploited Vulnerabilities catalog
Weakness Type (CWE)
Inclusion of Functionality from Untrusted Control Sphere
- Description: The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
- Typical Severity: Medium
- Abstraction Level: Base
Key Information
- Published Date: June 30, 2025
