Protection mechanism failure in Sudo - CVE-2025-32463

 


Published: July 1, 2025 / Updated: September 24, 2025


Vulnerability identifier: #VU112066
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2025-32463
CWE-ID: CWE-693
Exploitation vector: Local access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Sudo
Affected software:
Sudo

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient implementation of security measures when sudo is run with the -R (--chroot) option. A local user can run arbitrary commands as root, even if they are not listed in the sudoers file.

Note, the vulnerability affects installations with Name Service Switch (NSS) enabled. 
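Because the flaw is tied to the -R (--chroot) option, a defender can review process-execution logs for sudo invocations that used it. The following is an added example, not part of the original advisory or of the sudo project: it assumes auditd EXECVE records are being collected, the sample records are constructed, and the table of value-taking options is an approximation of the option list in sudo(8). A hit is a lead for review, since -R also has legitimate uses.

```python
import os
import re

# Constructed auditd EXECVE records (sample input, not data from the advisory).
SAMPLE_LOG = """\
type=EXECVE msg=audit(1751360000.101:901): argc=4 a0="sudo" a1="-u" a2="backup" a3="id"
type=EXECVE msg=audit(1751360004.220:902): argc=4 a0="sudo" a1="-R" a2="/tmp/stage" a3="id"
type=EXECVE msg=audit(1751360009.317:903): argc=5 a0="/usr/bin/sudo" a1="-u" a2="root" a3="ls" a4="-R"
type=EXECVE msg=audit(1751360015.002:905): argc=3 a0="sudo" a1=2D6E522F746D702F612062 a2="sh"
"""
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')
# Assumption: options that sudo(8) documents as taking a value (-R is handled separately).
SHORT_VAL = set("CDTUacghprtu")
LONG_VAL = {"close-from", "chdir", "group", "host", "prompt", "role", "type",
            "command-timeout", "other-user", "user", "auth-type", "login-class"}

def parse_execve(line):
    """argv from one EXECVE record; auditd hex-encodes values it leaves unquoted."""
    found = sorted((int(i), h, q) for i, q, h in ARG_RE.findall(line))
    return [bytes.fromhex(h).decode("utf-8", "replace") if h else q for _, h, q in found]

def chroot_dir(argv):
    """Directory given to sudo -R/--chroot, or None when the option was not used."""
    if not argv or os.path.basename(argv[0]) != "sudo":
        return None
    i = 1
    while i < len(argv):
        tok, nxt = argv[i], (argv[i + 1] if i + 1 < len(argv) else "")
        i += 1
        if tok in ("-", "--") or (not tok.startswith("-") and "=" not in tok):
            return None  # command word reached: a later -R belongs to the command
        if tok.startswith("--"):
            name, eq, val = tok[2:].partition("=")
            if name.startswith("chr") and "chroot".startswith(name):  # getopt_long prefix
                return val if eq else nxt
            if not eq and any(o.startswith(name) for o in LONG_VAL):
                i += 1  # skip the value of another long option
        elif tok.startswith("-"):
            for pos, ch in enumerate(tok[1:], start=2):
                if ch == "R":
                    return tok[pos:] or nxt  # value is attached (-Rdir) or the next arg
                if ch in SHORT_VAL:
                    i += 0 if tok[pos:] else 1  # skip a detached option value
                    break
    return None

def flag_chroot_use(log):
    """(audit event stamp, chroot dir) for each sudo -R/--chroot execution in the log."""
    return [(l.split("audit(")[1].split(")")[0], d) for l in log.splitlines()
            if l.startswith("type=EXECVE") and (d := chroot_dir(parse_execve(l))) is not None]
```

Parsing sudo's own options up to the command word is what keeps `sudo -u root ls -R` from being reported, while the clustered, hex-encoded `-nR/tmp/a b` form is still caught.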


How to mitigate CVE-2025-32463

Install updates from the vendor's website.
