Sudo Security Updates – 01 October 2025

Sudo has released security updates to address several vulnerabilities across Sudo versions 1.8.8 to 1.9.17.

The addressed vulnerabilities could allow a local attacker to gain elevated privileges on systems that support the “/etc/nsswitch.conf” file: by creating a new file under the user-specified root directory, the attacker can trick sudo into loading an arbitrary shared library.

Sample of the addressed vulnerabilities:

Linux/Unix-like OS Sudo Privilege Escalation Vulnerability (CVE-2025-32463):

  • CVSS: 9.3
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Privileges

Security researchers have discovered that CVE-2025-32463 is being exploited in the wild.

Vulnerabilities

  • CVE-2025-32462
  • CVE-2025-32463

Mitigations

The enterprise should deploy the patches as soon as the testing phase is completed and should check with its vendors for updates, if any.
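
To prioritise patching, hosts can be triaged against the version range stated above (1.8.8 to 1.9.17). The script below is an added example, not part of the original advisory or the sudo project; its function names are hypothetical, and it assumes that patch-level builds of 1.9.17 (for example 1.9.17p1) fall above the stated range.

```shell
#!/bin/sh
# Added example (not from the advisory or the sudo project).
# Assumption: p-level builds of 1.9.17 (e.g. 1.9.17p1) are above the range.

# Turn "1.9.15p5" into a sortable integer: major, minor, patch, p-level.
ver_key() {
    printf '%s\n' "$1" |
        awk -F'[.p]' '{ printf "%d%03d%03d%03d\n", $1, $2, $3, $4 }'
}

# Read `sudo -V` output on stdin and print the version token from line 1,
# which has the form "Sudo version 1.9.15p5".
sudo_version_from() {
    awk 'NR == 1 && $1 == "Sudo" && $2 == "version" { print $3 }'
}

# Succeed when the version lies in the advisory's range, 1.8.8 to 1.9.17.
in_advisory_range() {
    k=$(ver_key "$1")
    [ "$k" -ge "$(ver_key 1.8.8)" ] && [ "$k" -le "$(ver_key 1.9.17)" ]
}

# Report where the locally installed sudo stands relative to that range.
check_local_sudo() {
    command -v sudo >/dev/null 2>&1 || { echo "sudo not installed"; return 0; }
    v=$(sudo -V 2>/dev/null | sudo_version_from)
    if [ -z "$v" ]; then
        echo "could not parse sudo version"
    elif in_advisory_range "$v"; then
        echo "sudo $v: inside 1.8.8-1.9.17, confirm vendor patch status"
    else
        echo "sudo $v: outside 1.8.8-1.9.17"
    fi
}

check_local_sudo
```

Distribution packages often backport fixes without changing the upstream version string, so a host reported as inside the range still needs to be checked against the vendor's package changelog or advisory.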

Below is a sample of the distributors’ fixes: