CVE-2025-32463 - Vulnerability Details

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Sept. 29, 2025.

The EPSS score is 0.20083.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Canonical Subscribe	Ubuntu Linux Subscribe
Debian Subscribe	Debian Linux Subscribe
Opensuse Subscribe	Leap Subscribe
Redhat Subscribe	Enterprise Linux Subscribe
Sudo Project Subscribe	Sudo Subscribe
Suse Subscribe	Linux Enterprise Desktop Subscribe Linux Enterprise Real Time Subscribe Linux Enterprise Server For Sap Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:sudo_project:sudo::::::::
	cpe:2.3:a:sudo_project:sudo:1.9.17:-::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:24.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:24.10::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:25.04::::-:::
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*
	cpe:2.3:o:debian:debian_linux:13.0:::::::*
	cpe:2.3:o:opensuse:leap:15.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:15:sp6::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:15:sp7::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp6::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp7::::::
	cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp6::::::
	cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp7::::::

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Sudo Project Subscribe	Sudo Subscribe

Advisories

Source	ID	Title
Ubuntu USN	USN-7604-1	Sudo vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/security/cve/cve-2025-32463
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463
https://explore.alas.aws.amazon.com/CVE-2025-32463.html
https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/
https://nvd.nist.gov/vuln/detail/CVE-2025-32463
https://security-tracker.debian.org/tracker/CVE-2025-32463
https://ubuntu.com/security/notices/USN-7604-1
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463
https://www.cve.org/CVERecord?id=CVE-2025-32463
https://www.openwall.com/lists/oss-security/2025/06/30/3
https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
https://www.sudo.ws/releases/changelog/
https://www.sudo.ws/security/advisories/
https://www.sudo.ws/security/advisories/chroot_bug/
https://www.suse.com/security/cve/CVE-2025-32463.html
https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/
https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability

History

Wed, 22 Oct 2025 08:15:00 +0900

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463

Wed, 22 Oct 2025 05:30:00 +0900

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463

Wed, 22 Oct 2025 05:15:00 +0900

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 22 Oct 2025 04:30:00 +0900

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463

Tue, 30 Sep 2025 02:45:00 +0900

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-09-29T00:00:00+00:00', 'dueDate': '2025-10-20T00:00:00+00:00'}`

Wed, 23 Jul 2025 00:15:00 +0900

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability

Sat, 19 Jul 2025 02:15:00 +0900

Type	Values Removed	Values Added
References		https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 18 Jul 2025 01:00:00 +0900

Type	Values Removed	Values Added
First Time appeared		Canonical Canonical ubuntu Linux Debian Debian debian Linux Opensuse Opensuse leap Redhat Redhat enterprise Linux Sudo Project Sudo Project sudo Suse Suse linux Enterprise Desktop Suse linux Enterprise Real Time Suse linux Enterprise Server For Sap
CPEs		cpe:2.3:a:sudo_project:sudo:::::::: cpe:2.3:a:sudo_project:sudo:1.9.17:-:::::: cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:24.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:24.10::::-::: cpe:2.3:o:canonical:ubuntu_linux:25.04::::-::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:opensuse:leap:15.6:::::::* cpe:2.3:o:redhat:enterprise_linux:10.0:::::::* cpe:2.3:o:suse:linux_enterprise_desktop:15:sp6:::::: cpe:2.3:o:suse:linux_enterprise_desktop:15:sp7:::::: cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:::::: cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp6:::::: cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp7:::::: cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp6:::::: cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp7::::::
Vendors & Products		Canonical Canonical ubuntu Linux Debian Debian debian Linux Opensuse Opensuse leap Redhat Redhat enterprise Linux Sudo Project Sudo Project sudo Suse Suse linux Enterprise Desktop Suse linux Enterprise Real Time Suse linux Enterprise Server For Sap

Wed, 16 Jul 2025 22:45:00 +0900

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00325}`	epss `{'score': 0.0027}`

Thu, 10 Jul 2025 02:45:00 +0900

Type	Values Removed	Values Added
References		https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/

Wed, 02 Jul 2025 05:15:00 +0900

Type	Values Removed	Values Added
References		https://access.redhat.com/security/cve/cve-2025-32463 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463 https://explore.alas.aws.amazon.com/CVE-2025-32463.html https://security-tracker.debian.org/tracker/CVE-2025-32463 https://ubuntu.com/security/notices/USN-7604-1 https://www.suse.com/security/cve/CVE-2025-32463.html https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/

Tue, 01 Jul 2025 23:15:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 01 Jul 2025 09:30:00 +0900

Type	Values Removed	Values Added
Title		sudo: LPE via chroot option
Weaknesses		CWE-427
References		https://nvd.nist.gov/vuln/detail/CVE-2025-32463 https://www.cve.org/CVERecord?id=CVE-2025-32463 https://www.sudo.ws/security/advisories/chroot_bug/
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 01 Jul 2025 05:45:00 +0900

Type	Values Removed	Values Added
Description		Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Weaknesses		CWE-829
References		https://www.openwall.com/lists/oss-security/2025/06/30/3 https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot https://www.sudo.ws/releases/changelog/ https://www.sudo.ws/security/advisories/
Metrics		cvssV3_1 `{'score': 9.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-06-30T00:00:00.000Z

Updated: 2025-10-21T22:45:23.356Z

Reserved: 2025-04-09T00:00:00.000Z

Link: CVE-2025-32463

Vulnrichment

Updated: 2025-07-01T13:24:32.317Z

NVD

Status : Analyzed

Published: 2025-06-30T21:15:30.257

Modified: 2025-11-05T19:26:48.393

Link: CVE-2025-32463

Redhat

Severity : Important

Publid Date: 2025-06-30T14:00:00Z

Links: CVE-2025-32463 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-07T07:16:25Z

Weaknesses

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object