CVE-2025-32463 - Vulnerability Details

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Sept. 29, 2025.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Opensuse	Leap
Redhat	Enterprise Linux
Sudo Project	Sudo
Suse	Linux Enterprise Desktop Linux Enterprise Real Time Linux Enterprise Server For Sap

Configuration 1 [-]

OR	cpe:2.3:a:sudo_project:sudo::::::::
	cpe:2.3:a:sudo_project:sudo:1.9.17:-::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:24.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:24.10::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:25.04::::-:::
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*
	cpe:2.3:o:debian:debian_linux:13.0:::::::*
	cpe:2.3:o:opensuse:leap:15.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:15:sp6::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:15:sp7::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp6::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp7::::::
	cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp6::::::
	cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp7::::::

No data.

References

Link	Providers
https://access.redhat.com/security/cve/cve-2025-32463
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463
https://explore.alas.aws.amazon.com/CVE-2025-32463.html
https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/
https://nvd.nist.gov/vuln/detail/CVE-2025-32463
https://security-tracker.debian.org/tracker/CVE-2025-32463
https://ubuntu.com/security/notices/USN-7604-1
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463
https://www.cve.org/CVERecord?id=CVE-2025-32463
https://www.openwall.com/lists/oss-security/2025/06/30/3
https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
https://www.sudo.ws/releases/changelog/
https://www.sudo.ws/security/advisories/
https://www.sudo.ws/security/advisories/chroot_bug/
https://www.suse.com/security/cve/CVE-2025-32463.html
https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/
https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability

History

Tue, 21 Oct 2025 23:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463

Tue, 21 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463

Mon, 29 Sep 2025 17:45:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-09-29T00:00:00+00:00', 'dueDate': '2025-10-20T00:00:00+00:00'}`

Tue, 22 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability

Fri, 18 Jul 2025 17:15:00 +0000

Type	Values Removed	Values Added
References		https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 17 Jul 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Canonical Canonical ubuntu Linux Debian Debian debian Linux Opensuse Opensuse leap Redhat Redhat enterprise Linux Sudo Project Sudo Project sudo Suse Suse linux Enterprise Desktop Suse linux Enterprise Real Time Suse linux Enterprise Server For Sap
CPEs		cpe:2.3:a:sudo_project:sudo:::::::: cpe:2.3:a:sudo_project:sudo:1.9.17:-:::::: cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:24.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:24.10::::-::: cpe:2.3:o:canonical:ubuntu_linux:25.04::::-::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:opensuse:leap:15.6:::::::* cpe:2.3:o:redhat:enterprise_linux:10.0:::::::* cpe:2.3:o:suse:linux_enterprise_desktop:15:sp6:::::: cpe:2.3:o:suse:linux_enterprise_desktop:15:sp7:::::: cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:::::: cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp6:::::: cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp7:::::: cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp6:::::: cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp7::::::
Vendors & Products		Canonical Canonical ubuntu Linux Debian Debian debian Linux Opensuse Opensuse leap Redhat Redhat enterprise Linux Sudo Project Sudo Project sudo Suse Suse linux Enterprise Desktop Suse linux Enterprise Real Time Suse linux Enterprise Server For Sap

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00325}`	epss `{'score': 0.0027}`

Wed, 09 Jul 2025 17:45:00 +0000

Type	Values Removed	Values Added
References		https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/

Tue, 01 Jul 2025 20:15:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/security/cve/cve-2025-32463 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463 https://explore.alas.aws.amazon.com/CVE-2025-32463.html https://security-tracker.debian.org/tracker/CVE-2025-32463 https://ubuntu.com/security/notices/USN-7604-1 https://www.suse.com/security/cve/CVE-2025-32463.html https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/

Tue, 01 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 01 Jul 2025 00:30:00 +0000

Type	Values Removed	Values Added
Title		sudo: LPE via chroot option
Weaknesses		CWE-427
References		https://nvd.nist.gov/vuln/detail/CVE-2025-32463 https://www.cve.org/CVERecord?id=CVE-2025-32463 https://www.sudo.ws/security/advisories/chroot_bug/
Metrics	threat_severity `None`	threat_severity `Important`

Mon, 30 Jun 2025 20:45:00 +0000

Type	Values Removed	Values Added
Description		Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Weaknesses		CWE-829
References		https://www.openwall.com/lists/oss-security/2025/06/30/3 https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot https://www.sudo.ws/releases/changelog/ https://www.sudo.ws/security/advisories/
Metrics		cvssV3_1 `{'score': 9.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-06-30T00:00:00.000Z

Updated: 2025-10-21T22:45:23.356Z

Reserved: 2025-04-09T00:00:00.000Z

Link: CVE-2025-32463

Vulnrichment

Updated: 2025-07-01T13:24:32.317Z

NVD

Status : Modified

Published: 2025-06-30T21:15:30.257

Modified: 2025-10-21T23:16:59.997

Link: CVE-2025-32463

Redhat

Severity : Important

Publid Date: 2025-06-30T14:00:00Z

Links: CVE-2025-32463 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object