"A command-line utility for Linux and macOS, Sudo enables specified users to execute commands with root or administrator privileges without having to log in as superuser. A Windows implementation of the Sudo concept also exists, but it is not a fork or port of the Unix project. Because of the elevated temporary access that Sudo provides on Linux and macOS, only users configured in a sudoers file are permitted to execute commands via Sudo."
"The security defect flagged as exploited by CISA, tracked as CVE-2025-32463 (CVSS score of 9.3), allows any user to execute commands using Sudo, even if they are not configured in the sudoers file. Successful exploitation of the bug is only possible on systems that support /etc/nsswitch.conf, as it requires for the attacker to create an /etc/nsswitch.conf file under a user-specified root directory and then use the chroot feature to trick Sudo into loading it."
"The bug was introduced in 2023 in Sudo version 1.9.14 and was resolved in June with the release of Sudo version 1.9.17p1, which deprecated the chroot feature and removed the option to run commands with a user-selected root directory. CISA now warns that the CVE has been exploited in attacks, urging federal agencies to address it in their environments within the next three weeks, as mandated by the Binding Operational Directive (BOD) 22-01."
Sudo allows specified Linux and macOS users to execute commands with root privileges without logging in as superuser. CVE-2025-32463 permits any user to execute commands via Sudo even if not listed in sudoers. Successful exploitation requires systems that support /etc/nsswitch.conf and involves creating an /etc/nsswitch.conf under a user-selected root directory and using chroot to trick Sudo into loading it. The bug was introduced in Sudo 1.9.14 (2023) and fixed in 1.9.17p1, which deprecated chroot and removed the user-selected root directory option. Proof-of-concept exploits appeared in July, and CISA reports real-world exploitation and mandates remediation for federal agencies within three weeks under BOD 22-01.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]