+92 310 8202561
ccienca@gmail.com
Facebook

0

Critical Sudo Vulnerabilities Allow Local Privilege Escalation on Linux

CCIE Academy | ccieacademy.org

Sudo vulnerabilities in Linux have exposed a serious security risk affecting major Linux distributions. These newly discovered Sudo vulnerabilities in Linux could allow local users to escalate privileges and gain unauthorized root access if left unpatched.

Summary of Vulnerabilities

CVE-2025-32462 (CVSS: 2.8)

Issue:
In Sudo versions before 1.9.17p1, the sudoers file can unintentionally allow users to run commands on unintended machines when specific host settings are misconfigured.

Risk:
Users can execute commands on machines where they should not have access.

Impact:
This is particularly dangerous for environments using shared or LDAP-based sudoers files.

CVE-2025-32463 (CVSS: 9.3)

Issue:
In Sudo versions before 1.9.17p1, local users can achieve root access using the --chroot option and a manipulated nsswitch.conf file from a user-controlled directory.

Risk:
This is a critical privilege escalation vulnerability. Even users without sudo permissions can exploit it.

Impact:
The default Sudo configuration is vulnerable, and no special sudo rules are required for exploitation.

How It Works

Sudo is a Linux command-line tool that allows limited privilege escalation, enabling users to run commands as another user (typically root) without full superuser access.

  • The flaw CVE-2025-32462 has existed for over 12 years. It abuses the -h (host) option to bypass machine-specific restrictions.

  • The flaw CVE-2025-32463 allows attackers to trick Sudo into loading malicious libraries by using a fake nsswitch.conf file inside a user-controlled chroot environment.

“Although the vulnerability involves the Sudo chroot feature, it does not require any Sudo rules to be defined for the user.” — Rich Mirch, Security Researcher

Affected Linux Distributions

The following popular Linux distributions are affected by these Sudo vulnerabilities:

  • ✔️ AlmaLinux 8 & 9

  • ✔️ Alpine Linux

  • ✔️ Amazon Linux

  • ✔️ Debian

  • ✔️ Gentoo

  • ✔️ Oracle Linux

  • ✔️ Red Hat

  • ✔️ SUSE

  • ✔️ Ubuntu

Recommended Actions

Update to Sudo version 1.9.17p1 immediately.
Apply security patches provided by your Linux distribution.
Regularly monitor advisories from your Linux vendor.

“The Sudo chroot option will be completely removed in future versions to prevent similar attacks.” — Todd C. Miller, Sudo Maintainer

Final Thoughts from CCIE Academy

These Sudo vulnerabilities in Linux highlight the ongoing risk of local privilege escalation. Organizations and Linux users must ensure their systems are updated and actively monitored to prevent such security breaches.

For more Linux security updates, visit ccieacademy.org and follow our cybersecurity blogs.