Summary : Security Advisory: Two critical vulnerabilities CVE-2025-32462 and CVE-2025-32463 have been identified in the widely used Sudo utility, enabling local privilege escalation to root. System administrators rely on Sudo to enforce the principle of least privilege and maintain an audit trail of administrative actions.

The flaw, present in Sudo’s codebase for over 12 years, was discovered by Rich Mirch of the Stratascale Cyber Research Unit and affects both stable (v1.9.0–1.9.17) and legacy (v1.8.8–1.8.32) versions of Sudo.

Severity	Critical
CVSS Score	9.3
CVEs	CVE-2025-32463, CVE-2025-32462
POC Available	Yes
Actively Exploited	No
Exploited in Wild	No
Advisory Version	1.0

Overview 

These flaws affect both legacy and modern versions of Sudo and impact Linux and Unix-like systems, including Ubuntu and macOS. One vulnerability (CVE-2025-32462)remained undiscovered for over 12 years. Both have been fixed in Sudo version 1.9.17p1. 

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
​Chroot Option Arbitrary Code Execution vulnerability	CVE-2025-32463	Sudo	Critical	1.9.17p1
Host Option Privilege Escalation vulnerability	CVE-2025-32462	Sudo	Low	1.9.17p1

Technical Summary 

CVE-2025-32463 – Chroot Privilege Escalation via Path Confusion 

Introduced in Sudo version 1.9.14, this vulnerability abuses the –chroot (-R) feature, allowing attackers to run commands as root even if not permitted in the sudoers file.

The flaw arises because Sudo began resolving paths inside the chroot environment before validating permissions. This allowed attackers to trick Sudo into referencing malicious configuration files (e.g., fake /etc/nsswitch.conf) and loading arbitrary shared libraries (e.g.-libnss_/woot1337.so.2) during the privilege escalation process. 

CVE-2025-32462 – Host Option Bypass 

CVE-2025-32462 exploits improper handling of the –host (-h) option in Sudo, allowing users to bypass hostname-based access restrictions and execute commands as root. 

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-32463	Stable 1.9.0 – 1.9.17	Exploits the -R chroot option to load attacker-controlled shared libraries, leading to root access even when user lacks necessary permissions.	Arbitrary code execution as root
CVE-2025-32462	Stable 1.9.0 – 1.9.17 Legacy 1.8.8 – 1.8.32	Allows local users to abuse the -h option to bypass Host or Host_Alias restrictions and execute commands as root across unintended systems.	Local privilege escalation to root

Remediation: 

Upgrade Sudo to version 1.9.17p1 or later or the appropriate patched package version provided by your Linux distribution. 

Conclusion: 
These Sudo vulnerabilities, especially CVE-2025-32463 with a CVSS score of 9.3, represent a serious threat to system integrity. Exploitable without complex tooling and with a public Proof-of-Concept (PoC) already available, this vulnerability underscores the risks posed by long-standing design flaws in foundational system utilities.

Administrators are strongly advised.

Update Sudo to version 1.9.17p1 or later on all systems. Organizations must act swiftly to patch affected systems, audit privileged access, and secure their Sudo configurations.

This incident reinforces the urgent need for continuous security reviews even for the most trusted and widely deployed open-source components and prevent unauthorized privilege escalation on affected systems.

References: 

• https://www.sudo.ws/security/advisories/chroot_bug/ 

• https://www.sudo.ws/security/advisories/host_any/  

• https://www.sudo.ws/dist/sudo-1.9.17p1.tar.gz   

• https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot  

• https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host