CVEFinder.io

CVE-2025-32463

⛔ critical
🔍 Scan for this CVE
Summary

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVSS Score
9.3
Critical
EPSS Score
20.8
Exploit Probability
Published Date
2025-06-30
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 88.7% of all 335,187 vulnerabilities in our database.

#38,019
Top 25% most severe
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Sep 27, 2025
🔍 Exploitation Status
Active
Exploits detected in the wild
âš™ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-11-05
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)

đŸ“Ļ Affected Products 14

🔗 References 17

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-15041 â„šī¸ low 3.7 0.3 A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for co... 2026-07-08
CVE-2026-58384 âš ī¸ high 7.3 0.2 A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation... 2026-07-07
CVE-2026-14940 đŸ”ļ medium 5.3 0.3 A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) ... 2026-07-07
CVE-2026-14969 đŸ”ļ medium 4.4 0.1 A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vecto... 2026-07-07
CVE-2026-58380 âš ī¸ high 7.3 0.2 A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() ... 2026-07-06
CVE-2026-59089 đŸ”ļ medium 5.5 0.2 A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calc... 2026-07-06
These CVEs affect the same products