CVEFinder.io

CVE-2025-32463

β›” critical
πŸ” Scan for this CVE
Summary

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVSS Score
9.3
Critical
EPSS Score
20.8
Exploit Probability
Published Date
2025-06-30
First Seen: 2026-01-05
πŸ“Š Relative Risk Intelligence

This CVE is High Risk - more severe than 88.5% of all 322,079 vulnerabilities in our database.

#36,896
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Sep 27, 2025
πŸ” Exploitation Status
Active
Exploits detected in the wild
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-11-05
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-829

πŸ“¦ Affected Products 14

Vendor Product Status Affected Versions
debian debian_linux Affected
v11.0
debian debian_linux Affected
v12.0
debian debian_linux Affected
v13.0
redhat enterprise_linux Affected
v10.0
suse linux_enterprise_desktop Affected
v15
canonical ubuntu_linux Affected
v22.04
canonical ubuntu_linux Affected
v24.04
canonical ubuntu_linux Affected
v24.10
canonical ubuntu_linux Affected
v25.04
suse linux_enterprise_server_for_sap Affected
v12
opensuse leap Affected
v15.6
sudo_project sudo Affected
≥ 1.9.14 < 1.9.17
sudo_project sudo Affected
v1.9.17
suse linux_enterprise_real_time Affected
v15.0

πŸ”— References 17

https://access.redhat.com/security/cve/cve-2025-32463
Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463
Issue Tracking Third Party Advisory
https://explore.alas.aws.amazon.com/CVE-2025-32463.html
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2025...
Third Party Advisory
https://ubuntu.com/security/notices/USN-7604-1
Third Party Advisory
https://www.openwall.com/lists/oss-security/2025/06/...
Third Party Advisory
https://www.secpod.com/blog/sudo-lpe-vulnerabilities...
Exploit Third Party Advisory
https://www.stratascale.com/vulnerability-alert-CVE-...
Exploit Third Party Advisory
https://www.sudo.ws/releases/changelog/
Release Notes
https://www.sudo.ws/security/advisories/
Vendor Advisory
https://www.sudo.ws/security/advisories/chroot_bug/
Vendor Advisory
https://www.suse.com/security/cve/CVE-2025-32463.html
Third Party Advisory
https://www.suse.com/support/update/announcement/202...
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-3246...
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-3246...
Mitigation Third Party Advisory
https://iototsecnews.jp/2025/07/01/linux-sudo-chroot...
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
US Government Resource

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-42010 ⚠️ high 7.1 0.2 A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully ma... 2026-05-07
CVE-2026-34000 πŸ”Ά medium 6.1 0.0 A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifical... 2026-05-05
CVE-2026-34002 πŸ”Ά medium 6.1 0.0 A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension... 2026-05-05
CVE-2026-33845 ⚠️ high 7.5 0.0 A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an i... 2026-04-30
CVE-2026-3832 ℹ️ low 3.7 0.0 A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online ... 2026-04-30
CVE-2026-3833 πŸ”Ά medium 6.5 0.1 A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstra... 2026-04-30
These CVEs affect the same products