CVEFinder.io

CVE-2025-32463

⛔ critical
🔍 Scan for this CVE
Summary

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVSS Score
9.3
Critical
EPSS Score
20.8
Exploit Probability
Published Date
2025-06-30
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 88.5% of all 317,883 vulnerabilities in our database.

#36,498
Top 25% most severe
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Sep 27, 2025
🔍 Exploitation Status
Active
Exploits detected in the wild
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-11-05
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-829

đŸ“Ļ Affected Products 14

Vendor Product Status Affected Versions
debian debian_linux Affected
v11.0
debian debian_linux Affected
v12.0
debian debian_linux Affected
v13.0
redhat enterprise_linux Affected
v10.0
suse linux_enterprise_desktop Affected
v15
canonical ubuntu_linux Affected
v22.04
canonical ubuntu_linux Affected
v24.04
canonical ubuntu_linux Affected
v24.10
canonical ubuntu_linux Affected
v25.04
suse linux_enterprise_server_for_sap Affected
v12
opensuse leap Affected
v15.6
sudo_project sudo Affected
≥ 1.9.14 < 1.9.17
sudo_project sudo Affected
v1.9.17
suse linux_enterprise_real_time Affected
v15.0

🔗 References 17

https://access.redhat.com/security/cve/cve-2025-32463
Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463
Issue Tracking Third Party Advisory
https://explore.alas.aws.amazon.com/CVE-2025-32463.html
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2025...
Third Party Advisory
https://ubuntu.com/security/notices/USN-7604-1
Third Party Advisory
https://www.openwall.com/lists/oss-security/2025/06/...
Third Party Advisory
https://www.secpod.com/blog/sudo-lpe-vulnerabilities...
Exploit Third Party Advisory
https://www.stratascale.com/vulnerability-alert-CVE-...
Exploit Third Party Advisory
https://www.sudo.ws/releases/changelog/
Release Notes
https://www.sudo.ws/security/advisories/
Vendor Advisory
https://www.sudo.ws/security/advisories/chroot_bug/
Vendor Advisory
https://www.suse.com/security/cve/CVE-2025-32463.html
Third Party Advisory
https://www.suse.com/support/update/announcement/202...
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-3246...
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-3246...
Mitigation Third Party Advisory
https://iototsecnews.jp/2025/07/01/linux-sudo-chroot...
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
US Government Resource

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-4647 đŸ”ļ medium 6.1 0.0 A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files... 2026-03-23
CVE-2026-3632 ℹī¸ low 3.9 0.1 A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because ... 2026-03-17
CVE-2026-3633 ℹī¸ low 3.9 0.0 A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function... 2026-03-17
CVE-2026-3634 ℹī¸ low 3.9 0.0 A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage... 2026-03-17
CVE-2026-4271 đŸ”ļ medium 5.3 1.0 A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs... 2026-03-17
CVE-2026-3441 đŸ”ļ medium 6.1 0.0 A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t... 2026-03-16
These CVEs affect the same products