fkie_nvd - fkie_cve-2025-32463

fkie_cve-2025-32463

Vulnerability from fkie_nvd

Published

2025-06-30 21:15

Modified

2025-07-22 15:15

Severity ?

9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

References

URL	Tags
cve@mitre.org	https://access.redhat.com/security/cve/cve-2025-32463	Third Party Advisory
cve@mitre.org	https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463	Issue Tracking, Third Party Advisory
cve@mitre.org	https://explore.alas.aws.amazon.com/CVE-2025-32463.html	Third Party Advisory
cve@mitre.org	https://security-tracker.debian.org/tracker/CVE-2025-32463	Third Party Advisory
cve@mitre.org	https://ubuntu.com/security/notices/USN-7604-1	Third Party Advisory
cve@mitre.org	https://www.openwall.com/lists/oss-security/2025/06/30/3	Third Party Advisory
cve@mitre.org	https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/	Exploit, Third Party Advisory
cve@mitre.org	https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot	Exploit, Third Party Advisory
cve@mitre.org	https://www.sudo.ws/releases/changelog/	Release Notes
cve@mitre.org	https://www.sudo.ws/security/advisories/	Vendor Advisory
cve@mitre.org	https://www.sudo.ws/security/advisories/chroot_bug/
cve@mitre.org	https://www.suse.com/security/cve/CVE-2025-32463.html	Third Party Advisory
cve@mitre.org	https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/	Third Party Advisory
cve@mitre.org	https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability
cve@mitre.org	https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/

Impacted products

Vendor	Product	Version
sudo_project	sudo	*
sudo_project	sudo	1.9.17
canonical	ubuntu_linux	22.04
canonical	ubuntu_linux	24.04
canonical	ubuntu_linux	24.10
canonical	ubuntu_linux	25.04
debian	debian_linux	11.0
debian	debian_linux	12.0
debian	debian_linux	13.0
opensuse	leap	15.6
redhat	enterprise_linux	10.0
suse	linux_enterprise_desktop	15
suse	linux_enterprise_desktop	15
suse	linux_enterprise_real_time	15.0
suse	linux_enterprise_real_time	15.0
suse	linux_enterprise_real_time	15.0
suse	linux_enterprise_server_for_sap	12
suse	linux_enterprise_server_for_sap	12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91CD68ED-9A18-47B6-91E5-C20D2F69AB65",
              "versionEndExcluding": "1.9.17",
              "versionStartIncluding": "1.9.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sudo_project:sudo:1.9.17:-:*:*:*:*:*:*",
              "matchCriteriaId": "B563C690-EE9A-437C-9410-54209F82F827",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "BF90B5A4-6E55-4369-B9D4-E7A061E797D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:-:*:*:*",
              "matchCriteriaId": "418A8B25-A287-4218-A10E-F9345A8E2EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:25.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "6B40C5AB-76D5-44E1-A571-B9A44522C6BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "204FC6CC-9DAC-45FB-8A9F-C9C8EDD29D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "78B4F1C7-A301-4C94-A41C-A51182B83677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B83183BD-A440-4697-8DD8-8A478C428984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "B4388826-A383-4FBA-819A-363EAF6183DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4B0AC584-5E26-4ACE-BC19-9E69A302F238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "E8772290-7B8F-4FF3-8114-0535E84E10F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "BF782A24-9E6B-4897-9402-37DBCA7A7332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "44807632-7775-4496-9217-5F5816943D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "2F46E618-B5F5-4CA1-8023-8E9C3E1772A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option."
    },
    {
      "lang": "es",
      "value": "Sudo anterior a 1.9.17p1 permite a los usuarios locales obtener acceso root porque /etc/nsswitch.conf desde un directorio controlado por el usuario se utiliza con la opci\u00f3n --chroot."
    }
  ],
  "id": "CVE-2025-32463",
  "lastModified": "2025-07-22T15:15:26.150",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-30T21:15:30.257",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2025-32463"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://explore.alas.aws.amazon.com/CVE-2025-32463.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2025-32463"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-7604-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2025/06/30/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.sudo.ws/releases/changelog/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sudo.ws/security/advisories/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.sudo.ws/security/advisories/chroot_bug/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/security/cve/CVE-2025-32463.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-829"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    }
  ]
}

CVE-2025-32463 (GCVE-0-2025-32463)

Vulnerability from cvelistv5

Published

2025-06-30 00:00

Modified

2025-07-22 14:59