Major Linux Distributions Vulnerable to Critical Sudo Bugs Allowing Local Root Exploits
Discover the critical Sudo vulnerabilities affecting major Linux distributions, allowing local users to gain root access. Learn about the impact, patches, and steps taken by security researchers to mitigate these risks.
TL;DR
Critical vulnerabilities in the Sudo utility expose major Linux distributions to local root exploits, potentially allowing local users to gain elevated privileges. Security researchers have identified the issues, and patches have been released to address these flaws. —
Introduction
Cybersecurity researchers have recently disclosed two critical vulnerabilities in the Sudo command-line utility for Linux and Unix-like operating systems. These vulnerabilities can be exploited by local attackers to escalate privileges to root on affected systems. Sudo, short for “superuser do,” is a fundamental utility that allows permitted users to execute commands with the security privileges of another user, typically the root user.
Vulnerability Details
The identified vulnerabilities are:
- CVE-2025-32462 (CVSS score: 2.8): Affects Sudo versions before 1.9.17p1. When used with a sudoers file that specifies a host not matching the current host or set to ALL, this vulnerability allows listed users to execute commands on unintended machines.
- CVE-2025-32463 (CVSS score: 9.3): Affects Sudo versions before 1.9.17p1. This vulnerability allows local users to obtain root access by utilizing a user-controlled
/etc/nsswitch.conf
file with the--chroot
option.
Discovery and Impact
The Stratascale Cyber Research Unit (CRU) team discovered both vulnerabilities. The first, CVE-2025-32462, stems from the --host
option introduced in Sudo version 1.8.8 in 2013. Originally intended for listing rules, this option inadvertently allowed users to run commands with elevated privileges by referencing remote host rules in specific enterprise configurations.
The second vulnerability, CVE-2025-32463, involves the -R
(--chroot
) option, which allows users to run commands with a user-selected root directory. A change in Sudo 1.9.14 enabled path resolution via chroot()
using the user-specified root directory during sudoers file evaluation. This change allowed attackers to trick Sudo into loading an arbitrary shared library by creating an /etc/nsswitch.conf
file under the user-specified root directory.
Mitigation and Patches
The issues have been addressed with patches. For CVE-2025-32462, a patch was released to limit the --host
option to listing only. For CVE-2025-32463, the change from Sudo 1.9.14 was reverted in Sudo 1.9.17p1, and the chroot feature was marked as deprecated. It will be removed entirely in a future Sudo release due to its error-prone nature and lack of widespread use.
Timeline of Events
- April 1, 2025: Rich Mirch from Stratascale Cyber Research Unit (CRU) reported the vulnerability to Sudo maintainer Todd Miller.
- June 23, 2025: A patch was sent to the operating system distros list.
Conclusion
The discovery and patching of these critical Sudo vulnerabilities highlight the ongoing need for vigilance in cybersecurity. Users and administrators are advised to update their systems to the latest patched versions to mitigate these risks. Staying informed about such vulnerabilities and applying timely patches is crucial for maintaining the security and integrity of Linux systems.
Additional Resources
For further insights, check:
- Stratascale Vulnerability Alert
- Sudo Project Advisory
- NVD - CVE-2025-32462
- NVD - CVE-2025-32463
- Openwall Distros List
Stay updated with the latest cybersecurity news by following @securityaffairs on Twitter, Facebook, and Mastodon.
For more details, visit the full article: source