Sudo local privilege escalation vulnerabilities fixed

10 months ago
  • #Vulnerability
  • #Linux
  • #Sudo
  • Two local privilege escalation vulnerabilities in Sudo (CVE-2025-32462, CVE-2025-32463) have been disclosed.
  • CVE-2025-32462 is a low-severity flaw in the Sudo host option, present for over 12 years, affecting versions 1.9.0–1.9.17 and 1.8.8–1.8.32.
  • CVE-2025-32463 is a critical-severity flaw in the Sudo chroot option, affecting versions 1.9.14–1.9.17, allowing root access via arbitrary shared library loading.
  • Both vulnerabilities have been fixed in Sudo version 1.9.17p1, released in early June 2025.
  • Popular Linux distributions such as Ubuntu and Fedora, as well as macOS Sequoia, are vulnerable; updated packages are available for Ubuntu, Debian, and SUSE.
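
The version ranges listed above can be turned into a quick triage check over an inventory of `sudo -V` output. The following is an added example, not code from the Sudo project or the original article. It assumes upstream version strings of the form `1.9.15p5`; the function names, host names and sample inventory are constructed for illustration.

```python
import re

# Affected upstream ranges and the fixed release, as stated in the summary above.
# Versions are tuples (major, minor, patch, p-level); "1.9.17p1" -> (1, 9, 17, 1).
AFFECTED = {
    "CVE-2025-32462": [((1, 8, 8, 0), (1, 8, 32, 0)), ((1, 9, 0, 0), (1, 9, 17, 0))],
    "CVE-2025-32463": [((1, 9, 14, 0), (1, 9, 17, 0))],
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_version(text):
    """Extract a sudo version tuple from text such as the first line of `sudo -V`."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def affected_cves(text):
    """Return the CVE IDs whose affected range contains the version in `text`."""
    v = parse_version(text)
    return [cve for cve, ranges in AFFECTED.items()
            if any(low <= v <= high for low, high in ranges)]


def triage(inventory):
    """Map host -> applicable CVEs, keeping only hosts that need attention."""
    report = {}
    for host, version_line in inventory.items():
        cves = affected_cves(version_line)
        if cves:
            report[host] = cves
    return report


if __name__ == "__main__":
    # Constructed inventory: host names and version strings are made up.
    sample = {
        "web01": "Sudo version 1.9.15p5",
        "db01": "Sudo version 1.8.31p2",
        "build01": "Sudo version 1.9.17p1",
        "legacy01": "Sudo version 1.8.6p7",
    }
    for host, cves in triage(sample).items():
        print(host, ", ".join(cves))
```

The check compares upstream version numbers only. Distribution packages can carry a backported fix under an older upstream version number, so a match here should be confirmed against the vendor's advisory for the installed package.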