Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

from The Hacker News 3 weeks ago

Two vulnerabilities in the Sudo command-line utility enable local attackers to escalate privileges to root on vulnerable systems. CVE-2025-32462 enables execution of commands on unintended machines due to incorrect sudoers file configuration. CVE-2025-32463 allows local users to obtain root access by using the --chroot option with a compromised /etc/nsswitch.conf from a user-controlled directory. These issues have existed in Sudo versions prior to 1.9.17p1, with one flaw being present for over 12 years.

CVE-2025-32462 allows listed users to execute commands on unintended machines due to a flaw with the sudoers file, enabling privilege escalation on susceptible setups.

CVE-2025-32463 permits local users to gain root access as it misuses "/etc/nsswitch.conf" from a user-controlled directory with the --chroot option.

Read at The Hacker News

#cybersecurity #sudo #vulnerabilities #privilege-escalation #linux

Collection

[

...

]

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major DistrosCritical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros Briefly

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
Briefly