—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Privilege Escalation Vulnerability in Sudo 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Sudo versions prior to 1.9.17p1

Overview

A vulnerability has been reported in Sudo that could allow a local attacker with limited sudo privileges to execute arbitrary commands as root by abusing the –chroot (-R) option.

Target Audience:

All organizations and individuals running affected versions of sudo.

Risk Assessment:

High risk of local privilege escalation and arbitrary code execution.

Impact Assessment:

Potential for full system compromise through unauthorized root access.

Description

Sudo is a widely used command-line utility that enables users to run programs with elevated privileges.

This vulnerability exists in the –chroot (-R) option of sudo due to improper validation of user-controlled input. A local attacker could exploit this vulnerability by invoking sudo with a crafted –chroot path to execute arbitrary commands with elevated privileges.

Successful exploitation of this vulnerability could allow the attacker to gain root access on the system, bypassing restrictions defined in the sudoers configuration.

Note: CVE-2025-32463 is being actively exploited in the wild

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.sudo.ws/security/advisories/

References

Sudo

https://www.sudo.ws/security/advisories/

CVE Name

CVE-2025-32463

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjlEvgACgkQ3jCgcSdc

ys8idQ//cRYhCXwswuWEuwo0y3U3ed9vxg+hqWymeysO4p+i5T9GY60A9pVbSHPP

2pY9u6gihPBAKQ9IbFfC9oQ2/y0pkC28UJb9tml0/3KH33fWe0+a0k9f9oIb79dY

p9ZRJtaCaL4xBserR9yWtfj857cxIXQkxBuyNcpm9nNrq9lwA7t7hT/ybNAiis1b

6nxFWflJt3Mqim12LhggCC8/UeunaOPpLVx70EGTxllSx5+ACHC5Cr200sZUBO+m

84EFxeQ4Rvy7GgK9Vq2s9Z2vuoT6HVhKP3H0EePMRlXcONziF/l9STL0+zAyjg5T

FcX3XgnO6RxdsBcz6Jq7I/D5KotdxN3/dOItZgzjAUXHPJCNpfm91YEbV5XqE1NF

5e1HtzUVZ4PRGyTGZihMM6T4WB5o6GkbwW61GikIgA8OfGY4aNYwRyQ6kwQpHlzl

iCqoifLs+HOofftQLq6pvTze5s2pLs4EAn6kqTEOUKQs/v9RhRk59uo+csD3CZPe

LZUiJXvUaU7LS4umLuwLqYHjUTqmuOlN12SQKPmMuDprxITKHCh3pWycLXBLcUOy

+EH+/dkIO6L4stgUgcgKymdr3X+hymYVVo20lc23bH89AfAhojV1dbl2C4GUD1D1

efIjQbKUa77HZnRRdtwzn3SUsh80kOKLwNU6SUl+1h138RRThXg=

=Af6x

—–END PGP SIGNATURE—–