Two recent Sudo vulnerabilities—CVE-2025-32462 and CVE-2025-32463—were disclosed and patched in July 2025. Both are local privilege escalation flaws that could allow a local user to gain root access on affected systems if certain conditions are met.
CVE-2025-32462
• Severity: Low
• Affected versions: Sudo 1.9.0–1.9.17 (stable) and 1.8.8–1.8.32 (legacy)
• Details: The vulnerability is tied to the Sudo host option (-h or --host), which is meant to be used with the list option (-l or --list) for displaying a user’s sudo privileges on a different host. Due to a bug, this option was not restricted to just listing privileges—it could also be used when running commands or editing files, potentially allowing privilege escalation to root if Sudo rules are restricted to certain hostnames or patterns. For example, if a sudoers rule allows a user access on host “cerebus” but not on “hades,” the user could run sudo -h cerebus <command> from “hades” and bypass the restriction.
• Exploitability: Exploitation requires a specific Sudo configuration, but in environments using host restrictions, escalation to root can be achieved without a complex exploit.
CVE-2025-32463
• Severity: Critical
• Affected versions: Sudo 1.9.14–1.9.17 (legacy versions not affected)
• Details: This vulnerability is in the Sudo chroot option (-R or --chroot), which lets users run commands with a different root directory if permitted by sudoers. A change in Sudo v1.9.14 allowed attackers to trick Sudo into loading an arbitrary shared library by creating a malicious /etc/nsswitch.conf in the user-specified root directory. This can lead to local privilege escalation to root on systems supporting /etc/nsswitch.conf.
About the Sudo vulnerability
The vulnerability arises because, starting with Sudo v1.9.14, the tool began resolving paths within the chroot environment before evaluating the sudoers file. This allows a local attacker to create a malicious /etc/nsswitch.conf file inside the user-controlled chroot directory. When Sudo is invoked with the --chroot option, it reads this file and can be tricked into loading an arbitrary shared library (for example, a malicious libnss module), resulting in arbitrary code execution as root.
Mitigation and Recommendations
Update Sudo immediately to the latest patched version to eliminate these vulnerabilities. Then review your Sudo configuration, especially if you use host-based restrictions or the chroot feature.
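The triage script below is an added example, not part of the advisory or of the Sudo project: it checks a version string against the affected ranges listed above and flags sudoers lines that depend on host-restricted rules or the chroot feature. It assumes the version form printed by sudo -V (e.g. "1.9.16p2"), treats a patch level above a listed upper bound (1.9.17p1) as fixed, and uses a constructed sample sudoers file; the scan is a heuristic, not a full sudoers parser.

```shell
#!/bin/sh
# Added triage helper for CVE-2025-32462 / CVE-2025-32463, not part of the
# advisory. Assumes the "sudo -V" version form (e.g. "1.9.16p2") and treats a
# patch level above a listed upper bound (1.9.17p1) as fixed.

# Print the CVE ids whose affected range (as stated above) contains version $1.
affected_cves() {
    v=$1; p=0
    case "$v" in *p*) p=${v##*p}; v=${v%p*} ;; esac
    maj=${v%%.*}; rest=${v#*.}; min=${rest%%.*}; pat=${rest#*.}
    if [ "$pat" = "$rest" ]; then pat=0; fi          # "major.minor" only
    key=$(( maj*1000000 + min*10000 + pat*100 + p ))  # 1.9.17p1 -> 1091701
    out=""
    # CVE-2025-32462: 1.9.0-1.9.17 (stable) and 1.8.8-1.8.32 (legacy)
    if { [ "$key" -ge 1090000 ] && [ "$key" -le 1091700 ]; } ||
       { [ "$key" -ge 1080800 ] && [ "$key" -le 1083200 ]; }; then
        out="CVE-2025-32462"
    fi
    # CVE-2025-32463: 1.9.14-1.9.17 only (chroot path-resolution change)
    if [ "$key" -ge 1091400 ] && [ "$key" -le 1091700 ]; then
        out="${out:+$out }CVE-2025-32463"
    fi
    printf '%s\n' "$out"
}

# Print sudoers lines that rely on the two features the advisory calls out:
# "host:" for user specs whose host field is not ALL (what -h could bypass),
# "chroot:" for CHROOT= on a rule or a runchroot default. Heuristic scan of
# plain sudoers syntax, not a full parser; include files are not followed.
risky_sudoers_lines() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1" | awk '
        /CHROOT=|runchroot/ { print "chroot: " $0; next }
        /^(Defaults|User_Alias|Host_Alias|Runas_Alias|Cmnd_Alias)/ { next }
        { h = $2; sub(/=.*/, "", h) }
        h != "ALL" { print "host:   " $0 }'
}

# Constructed sample sudoers for a dry run; not taken from any real system.
SAMPLE_SUDOERS='Defaults env_reset
Host_Alias WEB = cerebus, hades
root  ALL=(ALL:ALL) ALL
alice cerebus = (ALL) /usr/bin/systemctl
bob   WEB=(root) NOPASSWD: /usr/bin/apt
carol ALL=(ALL) CHROOT=/srv/jail /bin/sh
dave  ALL=(ALL) ALL'
# Live host: affected_cves "$(sudo -V | sed -n 's/^Sudo version //p')"
#            risky_sudoers_lines /etc/sudoers
```

On the sample above the scan reports alice and bob under "host:" (rules restricted to a hostname or a Host_Alias) and carol under "chroot:", which are exactly the rules worth reviewing after patching.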