CVE-2025-32463 - Vulnerability Details

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Opensuse	Leap
Redhat	Enterprise Linux
Sudo Project	Sudo
Suse	Linux Enterprise Desktop Linux Enterprise Real Time Linux Enterprise Server For Sap

Configuration 1 [-]

OR	cpe:2.3:a:sudo_project:sudo::::::::
	cpe:2.3:a:sudo_project:sudo:1.9.17:-::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:24.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:24.10::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:25.04::::-:::
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*
	cpe:2.3:o:debian:debian_linux:13.0:::::::*
	cpe:2.3:o:opensuse:leap:15.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:15:sp6::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:15:sp7::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp6::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp7::::::
	cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp6::::::
	cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp7::::::

No data.

References

Link	Providers
https://access.redhat.com/security/cve/cve-2025-32463
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463
https://explore.alas.aws.amazon.com/CVE-2025-32463.html
https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/
https://nvd.nist.gov/vuln/detail/CVE-2025-32463
https://security-tracker.debian.org/tracker/CVE-2025-32463
https://ubuntu.com/security/notices/USN-7604-1
https://www.cve.org/CVERecord?id=CVE-2025-32463
https://www.openwall.com/lists/oss-security/2025/06/30/3
https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
https://www.sudo.ws/releases/changelog/
https://www.sudo.ws/security/advisories/
https://www.sudo.ws/security/advisories/chroot_bug/
https://www.suse.com/security/cve/CVE-2025-32463.html
https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/
https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability

History

Tue, 22 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability

Fri, 18 Jul 2025 17:15:00 +0000

Type	Values Removed	Values Added
References		https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 17 Jul 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Canonical Canonical ubuntu Linux Debian Debian debian Linux Opensuse Opensuse leap Redhat Redhat enterprise Linux Sudo Project Sudo Project sudo Suse Suse linux Enterprise Desktop Suse linux Enterprise Real Time Suse linux Enterprise Server For Sap
CPEs		cpe:2.3:a:sudo_project:sudo:::::::: cpe:2.3:a:sudo_project:sudo:1.9.17:-:::::: cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:24.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:24.10::::-::: cpe:2.3:o:canonical:ubuntu_linux:25.04::::-::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:opensuse:leap:15.6:::::::* cpe:2.3:o:redhat:enterprise_linux:10.0:::::::* cpe:2.3:o:suse:linux_enterprise_desktop:15:sp6:::::: cpe:2.3:o:suse:linux_enterprise_desktop:15:sp7:::::: cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:::::: cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp6:::::: cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp7:::::: cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp6:::::: cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp7::::::
Vendors & Products		Canonical Canonical ubuntu Linux Debian Debian debian Linux Opensuse Opensuse leap Redhat Redhat enterprise Linux Sudo Project Sudo Project sudo Suse Suse linux Enterprise Desktop Suse linux Enterprise Real Time Suse linux Enterprise Server For Sap

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00325}`	epss `{'score': 0.0027}`

Wed, 09 Jul 2025 17:45:00 +0000

Type	Values Removed	Values Added
References		https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/

Tue, 01 Jul 2025 20:15:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/security/cve/cve-2025-32463 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463 https://explore.alas.aws.amazon.com/CVE-2025-32463.html https://security-tracker.debian.org/tracker/CVE-2025-32463 https://ubuntu.com/security/notices/USN-7604-1 https://www.suse.com/security/cve/CVE-2025-32463.html https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/

Tue, 01 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 01 Jul 2025 00:30:00 +0000

Type	Values Removed	Values Added
Title		sudo: LPE via chroot option
Weaknesses		CWE-427
References		https://nvd.nist.gov/vuln/detail/CVE-2025-32463 https://www.cve.org/CVERecord?id=CVE-2025-32463 https://www.sudo.ws/security/advisories/chroot_bug/
Metrics	threat_severity `None`	threat_severity `Important`

Mon, 30 Jun 2025 20:45:00 +0000

Type	Values Removed	Values Added
Description		Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Weaknesses		CWE-829
References		https://www.openwall.com/lists/oss-security/2025/06/30/3 https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot https://www.sudo.ws/releases/changelog/ https://www.sudo.ws/security/advisories/
Metrics		cvssV3_1 `{'score': 9.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-06-30T00:00:00.000Z

Updated: 2025-07-22T14:59:53.402Z

Reserved: 2025-04-09T00:00:00.000Z

Link: CVE-2025-32463

Vulnrichment

Updated: 2025-07-01T13:24:32.317Z

NVD

Status : Modified

Published: 2025-06-30T21:15:30.257

Modified: 2025-07-22T15:15:26.150

Link: CVE-2025-32463

Redhat

Severity : Important

Publid Date: 2025-06-30T14:00:00Z

Links: CVE-2025-32463 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object