CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

thehackernews.com/2025/09/cisa-sounds-alarm-on-…


This vulnerability could allow a local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.


The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to 1.9.17p1.

Check your version:
sudo --version

As mentioned above, sudo version 1.9.17p1 patches this. This version was already released in June of this year, so many distributions should have it.

On Ubuntu 24.04

Sudo version 1.9.15p5

Eep!

It should be backported in supported Ubuntu versions.

sudo apt changelog sudo


sudo (1.9.15p5-3ubuntu5.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: Local Privilege Escalation via host option
    - debian/patches/CVE-2025-32462.patch: only allow specifying a host
      when listing privileges.
    - CVE-2025-32462
  * SECURITY UPDATE: Local Privilege Escalation via chroot option
    - debian/patches/CVE-2025-32463.patch: remove user-selected root
      directory chroot option.
    - CVE-2025-32463

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 Jun 2025 08:42:53 -0400


p5. The patch was backported.
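The two checks from this thread (is the upstream version at least 1.9.17p1, or does the distro changelog name CVE-2025-32463) combined into one script; this is an added example, not from the thread or the sudo project, and the function names plus the constructed sample inputs are mine.

```shell
# Added example: decide whether an installed sudo carries the CVE-2025-32463
# fix either by upstream version (>= 1.9.17p1) or by a distro backport whose
# changelog names the CVE, as the Ubuntu changelog in the thread does.

# Map "MAJ.MIN.PATCH[pN]" to a comparable integer, e.g. 1.9.15p5 -> 1091505.
# Assumes each component is below 100 and a missing pN counts as p0.
sudo_version_key() {
  ver=$1
  case $ver in *p*) p=${ver##*p}; ver=${ver%p*} ;; *) p=0 ;; esac
  maj=${ver%%.*}; rest=${ver#*.}
  min=${rest%%.*}
  case $rest in *.*) pat=${rest#*.} ;; *) pat=0 ;; esac
  echo $(( maj * 1000000 + min * 10000 + pat * 100 + p ))
}

# Pull the version out of `sudo --version` output ("Sudo version 1.9.15p5").
sudo_version_from_output() {
  printf '%s\n' "$1" | sed -n '1s/^Sudo version \([0-9][0-9.p]*\).*/\1/p'
}

# 0 when the upstream version already includes the fix (1.9.17p1 or later).
sudo_upstream_fixed() {
  [ "$(sudo_version_key "$1")" -ge "$(sudo_version_key 1.9.17p1)" ]
}

# 0 when the distro changelog names the CVE, i.e. the fix was backported
# (the thread's heuristic; an older version string alone is not a verdict).
sudo_backport_fixed() {
  printf '%s\n' "$1" | grep -q 'CVE-2025-32463'
}

# Verdict for one host: args are `sudo --version` and changelog text.
sudo_status() {
  ver=$(sudo_version_from_output "$1")
  if sudo_upstream_fixed "$ver" || sudo_backport_fixed "$2"; then
    echo fixed
  else
    echo vulnerable
  fi
}

# Constructed samples standing in for the real command outputs.
SAMPLE_VERSION='Sudo version 1.9.15p5
Sudoers policy plugin version 1.9.15p5'
SAMPLE_CHANGELOG='sudo (1.9.15p5-3ubuntu5.24.04.1) noble-security; urgency=medium
  * SECURITY UPDATE: Local Privilege Escalation via chroot option
    - CVE-2025-32463'

# Live use on a Debian/Ubuntu host:
# sudo_status "$(sudo --version)" "$(apt changelog sudo 2>/dev/null)"
```

On non-apt distros, swap the second argument for that package manager's changelog (for example `rpm -q --changelog sudo`); a version string below 1.9.17p1 with no CVE mention in the changelog is what "vulnerable" reports.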


Wait, shouldn’t Ubuntu 24.04 LTS get security bugfixes?

It does. In fact it is fixed.

All decent LTS/stable distros will cherrypick security fixes into whatever version they stabilized themselves on.




It's funny because whenever I hear about something like this with FOSS it tends to be this way, but when it's proprietary I hear about how they were informed a while back, never patched it, and the finder of the bug is now disclosing based on the timetable they gave them. Feels that way anyway.


Thanks for posting the version.

Looks like Arch updated to this version on 1st July.

My DMZ node had it installed a week later, so I’m all smug today.



Laughs in opendoas


Ah yes. Security through obscurity.



I tried using the systemd alternative, run0 or whatever… it’s really weird.

