
[CRITICAL] CVE-2025-32463: Privilege Escalation Vulnerability in Sudo

Description 
A critical privilege escalation vulnerability in Sudo was publicly disclosed on June 30, 2025, affecting many popular Linux distributions. This vulnerability allows any unprivileged local user to gain root access on the system without prior privileges.

  • Severity: Critical.
  • Score: 9.3.

The vulnerability stems from unsafe handling of the --chroot (-R) option, which allows an attacker to trick sudo into loading a malicious nsswitch.conf configuration file. This leads to arbitrary code execution with the highest privileges (root). 
A proof-of-concept (PoC) exploit has already been published online.

Affected Scope 
This vulnerability affects Sudo versions from 1.9.14 to 1.9.17, which are commonly bundled with popular Linux distributions. Major affected operating systems include, but are not limited to:

  • Ubuntu
  • Fedora
  • Debian
  • Red Hat Enterprise Linux 10
  • SUSE Linux Enterprise 

Remediation

  • There is currently no temporary workaround available.
  • Due to the severity, ease of exploitation, and the existence of a public exploit, system administrators are strongly advised to update vulnerable versions of Sudo to version 1.9.17p1 or later as soon as possible.
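
To triage hosts against the version range above, the following script classifies the version string that `sudo -V` prints. It is an added example, not part of the original advisory or of the Sudo project; the function names and the status labels are assumptions made for illustration. Distribution packages can carry a backported fix under an unchanged upstream version string, so treat an "affected" result as a prompt to check the distribution's own advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a sudo version string
# against the range stated above: affected 1.9.14 through 1.9.17,
# fixed in 1.9.17p1 or later.

# Turn "1.9.17p1" into one comparable integer; fail on anything else.
sudo_ver_key() {
    case $1 in
        ''|*[!0-9.p]*) return 1 ;;      # rc/beta builds, distro suffixes, empty
    esac
    base=${1%%p*}                       # "1.9.17"
    case $1 in
        *p*) plevel=${1#*p} ;;          # patch level after the first "p"
        *)   plevel=0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base                        # split base on dots into $1 $2 $3
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    for n in "$1" "$2" "$3" "$plevel"; do
        case $n in
            ''|0?*|*[!0-9]*) return 1 ;;  # empty, leading zero, or non-numeric
        esac
    done
    echo $(( (($1 * 1000 + $2) * 1000 + $3) * 1000 + $plevel ))
}

# Prints one of: affected | fixed | below-range | unknown
sudo_cve_2025_32463_status() {
    key=$(sudo_ver_key "$1") || { echo unknown; return 0; }
    low=$(sudo_ver_key 1.9.14)          # first affected version per the advisory
    fixed=$(sudo_ver_key 1.9.17p1)      # first fixed version per the advisory
    if   [ "$key" -ge "$fixed" ]; then echo fixed
    elif [ "$key" -ge "$low" ];   then echo affected
    else                               echo below-range
    fi
}

# The first line of `sudo -V` reads "Sudo version <version>".
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p'
}

# Report on the local host.
v=$(installed_sudo_version)
echo "installed sudo: ${v:-not found} -> $(sudo_cve_2025_32463_status "$v")"
```
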

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-32463
  • https://www.sudo.ws/security/advisories/chroot_bug/
  • https://www.openwall.com/lists/oss-security/2025/06/30/3
  • https://ubuntu.com/security/CVE-2025-32463
  • https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot