[CIVN-2025-0238] Privilege Escalation Vulnerability in Sudo
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Privilege Escalation Vulnerability in Sudo
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Sudo versions prior to 1.9.17p1
Overview
A vulnerability has been reported in Sudo that could allow a local attacker with limited sudo privileges to execute arbitrary commands as root by abusing the –chroot (-R) option.
Target Audience:
All organizations and individuals running affected versions of sudo.
Risk Assessment:
High risk of local privilege escalation and arbitrary code execution.
Impact Assessment:
Potential for full system compromise through unauthorized root access.
Description
Sudo is a widely used command-line utility that enables users to run programs with elevated privileges.
This vulnerability exists in the –chroot (-R) option of sudo due to improper validation of user-controlled input. A local attacker could exploit this vulnerability by invoking sudo with a crafted –chroot path to execute arbitrary commands with elevated privileges.
Successful exploitation of this vulnerability could allow the attacker to gain root access on the system, bypassing restrictions defined in the sudoers configuration.
Note: CVE-2025-32463 is being actively exploited in the wild
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.sudo.ws/security/advisories/
References
Sudo
https://www.sudo.ws/security/advisories/
CVE Name
CVE-2025-32463
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjlEvgACgkQ3jCgcSdc
ys8idQ//cRYhCXwswuWEuwo0y3U3ed9vxg+hqWymeysO4p+i5T9GY60A9pVbSHPP
2pY9u6gihPBAKQ9IbFfC9oQ2/y0pkC28UJb9tml0/3KH33fWe0+a0k9f9oIb79dY
p9ZRJtaCaL4xBserR9yWtfj857cxIXQkxBuyNcpm9nNrq9lwA7t7hT/ybNAiis1b
6nxFWflJt3Mqim12LhggCC8/UeunaOPpLVx70EGTxllSx5+ACHC5Cr200sZUBO+m
84EFxeQ4Rvy7GgK9Vq2s9Z2vuoT6HVhKP3H0EePMRlXcONziF/l9STL0+zAyjg5T
FcX3XgnO6RxdsBcz6Jq7I/D5KotdxN3/dOItZgzjAUXHPJCNpfm91YEbV5XqE1NF
5e1HtzUVZ4PRGyTGZihMM6T4WB5o6GkbwW61GikIgA8OfGY4aNYwRyQ6kwQpHlzl
iCqoifLs+HOofftQLq6pvTze5s2pLs4EAn6kqTEOUKQs/v9RhRk59uo+csD3CZPe
LZUiJXvUaU7LS4umLuwLqYHjUTqmuOlN12SQKPmMuDprxITKHCh3pWycLXBLcUOy
+EH+/dkIO6L4stgUgcgKymdr3X+hymYVVo20lc23bH89AfAhojV1dbl2C4GUD1D1
efIjQbKUa77HZnRRdtwzn3SUsh80kOKLwNU6SUl+1h138RRThXg=
=Af6x
—–END PGP SIGNATURE—–