https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on vulnerable machines. The vulnerabilities, designated CVE-2025-32462 and CVE-2025-32463, were discovered by Stratascale researcher Rich Mirch and are both fixed in Sudo 1.9.17p1. The first has gone unnoticed for more than 12 years: it affects Sudo 1.8.8 through 1.9.17 and dates back to the introduction of the host option in September 2013. The second, a critical-severity flaw, affects Sudo 1.9.14 through 1.9.17 and abuses the chroot option, added in 1.9.14, to execute arbitrary commands as root.

CVE-2025-32462 (CVSS score 2.8) concerns Sudo's host option (-h / --host). The option was meant to be combined only with -l to list a user's privileges on another host, but a bug allowed it to be used when running commands, so Sudo matched sudoers rules against the hostname supplied by the user rather than the local one. A user whose sudoers entry grants a command on some other host could therefore run that command on the current machine. The flaw only matters where rules name hosts other than the local machine, which is typical of a common sudoers file distributed across many machines or of LDAP-based sudoers configurations, including those served through SSSD; the low score reflects that the attacker must already be listed in sudoers. CVE-2025-32463 (CVSS score 9.3) concerns the chroot option (-R / --chroot), which lets a user ask Sudo to run a command under a different root directory. Sudo changed root into the user-controlled directory before resolving the command path and performing user and group lookups, so an attacker who places a crafted /etc/nsswitch.conf and a matching shared library inside that directory can make the name-service code load the attacker's library as root. Because this happens before the sudoers policy is consulted, any unprivileged local user can exploit it, with no sudo rules defined for that user.
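The following script is an added example and is not code from the article or from the Sudo project. It does two things a responder would want after reading the paragraph above: it classifies a Sudo version string against the upstream affected ranges stated in the Sudo advisories (CVE-2025-32462: 1.8.8 through 1.9.17; CVE-2025-32463: 1.9.14 through 1.9.17; both fixed in 1.9.17p1), and it scans a sudoers file for user specifications whose host list names machines other than the local one, which is the precondition for CVE-2025-32462 on hosts that share a sudoers file. The sudoers sample embedded at the end is constructed for the example, and the sudoers parser is a deliberate heuristic (it does not expand Host_Alias names or netgroups), so its output is a list of rules to review, not a verdict.

```shell
#!/bin/sh
# Triage helpers for CVE-2025-32462 / CVE-2025-32463 (added example; not code
# from the article or from the Sudo project).  Upstream affected ranges, per
# the Sudo advisories:
#   CVE-2025-32462 (host option):   1.8.8  through 1.9.17
#   CVE-2025-32463 (chroot option): 1.9.14 through 1.9.17
# Both fixed in 1.9.17p1.  Distributions backport fixes without changing the
# upstream version string, so "exposed" here means "check the vendor advisory",
# not "confirmed vulnerable".

# Turn a version string ("1.9.17p1", or the first line of `sudo -V`) into a
# sortable integer: major*1000000 + minor*10000 + patch*100 + p-level.
# Prints 0 for anything that does not look like a version.
sudo_version_key() {
    v=${1#"Sudo version "}
    case "$v" in
        [0-9]*.[0-9]*) ;;
        *) echo 0; return 0 ;;
    esac
    p=0
    case "$v" in
        *p*) p=${v##*p}; v=${v%p*} ;;       # "1.9.17p1" -> p=1, v=1.9.17
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0       # "1.9" has no patch field
    echo $(( major * 1000000 + minor * 10000 + patch * 100 + p ))
}

# Print the CVEs a Sudo version string falls inside the affected range of,
# comma-separated, or "none".
sudo_cve_exposure() {
    key=$(sudo_version_key "$1")
    lo462=$(sudo_version_key 1.8.8)
    lo463=$(sudo_version_key 1.9.14)
    fixed=$(sudo_version_key 1.9.17p1)
    out=""
    if [ "$key" -ge "$lo462" ] && [ "$key" -lt "$fixed" ]; then
        out="CVE-2025-32462"
    fi
    if [ "$key" -ge "$lo463" ] && [ "$key" -lt "$fixed" ]; then
        out="${out:+$out,}CVE-2025-32463"
    fi
    echo "${out:-none}"
}

# List user specifications in a sudoers file whose Host_List names hosts other
# than ALL or the local hostname ($1); sudoers text is read from stdin.  Rules
# like these, in a sudoers file shared across machines, are what CVE-2025-32462
# lets a listed user invoke from the wrong host.  Heuristic parser: skips
# comments, Defaults, alias definitions and include directives, and does not
# expand Host_Alias names or netgroups, so treat hits as leads to review.
sudoers_foreign_host_rules() (
    set -f                                  # no pathname expansion on "set --"
    me=$1
    while IFS= read -r line; do
        line=${line%%#*}                    # strip comments (and #include lines)
        case "$line" in
            *=*) ;;                         # a user spec always contains '='
            *) continue ;;                  # blank lines, Defaults flags, ...
        esac
        case "$line" in
            Defaults*|*_Alias*|@*) continue ;;   # Defaults, aliases, @include
        esac
        set -- $line                        # $1 = User_List, rest = "Host_List = ..."
        user=$1; shift
        hosts=$*
        hosts=${hosts%%=*}                  # keep the text before '='
        hosts=$(printf '%s' "$hosts" | tr -d ' \t')
        IFS=,
        for h in $hosts; do
            case "$h" in
                ALL|"$me") ;;               # applies here: not a foreign-host rule
                *) echo "$user $h" ;;
            esac
        done
        unset IFS                           # back to default word splitting
    done
)

# Constructed sample sudoers (not from any real system), as if one file were
# deployed to the hosts web01, web02, db01 and db02.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
Host_Alias WEBSERVERS = web01, web02
alice ALL=(ALL:ALL) ALL
bob   web01 = (root) /usr/bin/systemctl restart nginx
%ops  db01, db02 = (ALL) NOPASSWD: /usr/bin/apt-get
carol WEBSERVERS = (root) /usr/sbin/nginx -s reload'

# Demonstration: local sudo exposure (when sudo is installed) and the sample
# file evaluated as if this machine were web01.
if command -v sudo >/dev/null 2>&1; then
    echo "local sudo: $(sudo_cve_exposure "$(sudo -V 2>/dev/null | head -n1)")"
fi
printf '%s\n' "$SAMPLE_SUDOERS" | sudoers_foreign_host_rules web01
```

Run on web01, the sample yields the two %ops rules for the database hosts and carol's WEBSERVERS rule; the latter is a false lead (the alias includes web01) and shows why alias names in the output need a manual look. The version check is only a first filter: Debian, Red Hat and others ship the fix under their existing version numbers, so the package changelog or vendor advisory is the authority on whether a given host is patched.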

Both vulnerabilities are fixed in Sudo 1.9.17p1, released on June 30, 2025, following disclosure to the maintainers on April 1, 2025. Major Linux distributions, including AlmaLinux, Alpine Linux, Amazon Linux, Debian, Gentoo, Oracle Linux, Red Hat, SUSE, and Ubuntu, have issued security advisories and updated packages; because several of them backport the fix without changing the upstream version string, the vendor advisory rather than the output of sudo -V is the reliable indicator of whether a host is patched. Sudo maintainer Todd C. Miller has deprecated the chroot option in 1.9.17p1 and announced that it will be removed entirely in a future release, saying that supporting user-specified root directories is inherently error-prone and a significant risk to system integrity.