#VU112066 Protection mechanism failure in Sudo - CVE-2025-32463

 

Published: July 1, 2025 / Updated: September 24, 2025


Vulnerability identifier: #VU112066
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2025-32463
CWE-ID: CWE-693
Exploitation vector: Local access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: Sudo
Software vendor: Sudo

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient implementation of security measures when sudo is run with the -R (--chroot) option. A local user can run arbitrary commands as root, even if they are not listed in the sudoers file.

Note: the vulnerability affects installations with Name Service Switch (NSS) enabled.
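
A detection sketch for the option named above, added here as an example and not part of the advisory or of sudo itself: it scans auditd EXECVE records and reports sudo invocations where -R/--chroot is one of sudo's own options, as opposed to an option of the command being run. The sample records are constructed, the function names are hypothetical, and the tables of value-taking options are an assumption transcribed from the sudo(8) manual.

```python
import re

# Assumption: value-taking options transcribed from the sudo(8) manual.
SHORT_WITH_VALUE = set("aCcDghpRrTtUu")
LONG_WITH_VALUE = {"--auth-type", "--close-from", "--login-class", "--chdir",
                   "--group", "--host", "--prompt", "--role", "--type",
                   "--command-timeout", "--other-user", "--user"}
ARG_RE = re.compile(r'\ba\d+=("[^"]*"|(?:[0-9A-Fa-f]{2})+)')

def execve_args(record):
    """Return argv from one auditd EXECVE record (args are quoted or hex)."""
    return [raw[1:-1] if raw.startswith('"')
            else bytes.fromhex(raw).decode("utf-8", "replace")
            for raw in ARG_RE.findall(record)]

def sudo_chroot_dir(argv):
    """Return the directory given to sudo's own -R/--chroot, else None."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "sudo":
        return None
    i = 1
    while i < len(argv) and argv[i].startswith("-") and argv[i] not in ("-", "--"):
        arg, following = argv[i], "".join(argv[i + 1:i + 2])
        i += 1
        if arg.startswith("--"):
            name, sep, value = arg.partition("=")
            if name == "--chroot":
                return value if sep else following
            if not sep and name in LONG_WITH_VALUE:
                i += 1                    # value is the next argv element
            continue
        for pos, flag in enumerate(arg[1:], start=1):  # clustered short options
            if flag in SHORT_WITH_VALUE:
                attached = arg[pos + 1:]
                if flag == "R":
                    return attached or following
                if not attached:
                    i += 1                # value is the next argv element
                break
    return None

SAMPLE_LOG = [  # constructed auditd records, not taken from a real host
    'type=EXECVE msg=audit(1751360000.101:901): argc=4 a0="sudo" a1="-R" a2="/tmp/stage" a3="id"',
    'type=EXECVE msg=audit(1751360001.202:902): argc=5 a0="/usr/bin/sudo" a1="-u" a2="backup" a3="grep" a4="-R"',
    'type=EXECVE msg=audit(1751360002.303:903): argc=3 a0="sudo" a1=2D2D6368726F6F743D2F7661722F746D702F6D7920646972 a2="true"',
]

def flag_chroot_use(lines):
    found = ((line, sudo_chroot_dir(execve_args(line))) for line in lines)
    return [(line, d) for line, d in found if d is not None]
```

On hosts where no sudoers rule relies on the chroot feature, any hit from `flag_chroot_use` is worth reviewing.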


Remediation

Install updates from the vendor's website.
