Critical Sudo Vulnerabilities Allow Local Users to Gain Root Access on Major Linux Distros


Recent Vulnerabilities in Sudo Command-Line Tool for Linux

Security researchers have disclosed two serious vulnerabilities in Sudo, the command-line utility used across Linux and Unix-like operating systems to run commands with elevated privileges. Both flaws allow a local attacker to escalate privileges to root on a vulnerable system.

Understanding the Vulnerabilities

The reported vulnerabilities are classified as follows:

  • CVE-2025-32462 (CVSS score: 2.8): Affects Sudo versions before 1.9.17p1. When the sudoers file contains rules for a host that is neither the current machine nor "ALL", the listed users can run commands on machines those rules were not intended to cover.

  • CVE-2025-32463 (CVSS score: 9.3): Also affects versions before 1.9.17p1. A local user can gain root by making Sudo use an /etc/nsswitch.conf file from a user-controlled directory through the --chroot option.

What is Sudo?

Sudo is a command-line tool that lets users with limited privileges run commands as another user, typically the superuser. Its design follows the principle of least privilege: users can perform specific administrative tasks without being handed full root access. Sudo's configuration lives in /etc/sudoers, which specifies which users may run which commands, as which target users, on which hosts.

Discovery of the Vulnerabilities

Rich Mirch of Stratascale discovered and reported both vulnerabilities. Notably, CVE-2025-32462 went undetected for over 12 years. It stems from Sudo's -h (host) option, introduced in September 2013, which lets users list their sudo privileges for a different host. Because of the flaw, commands that the sudoers file permitted only on a remote host could be executed on the local machine when the Sudo command referenced an unrelated host.

Todd C. Miller, a maintainer of the Sudo project, pointed out that this vulnerability primarily affects systems that share one sudoers file across multiple machines, including setups using LDAP-based sudoers such as those backed by SSSD.

The Severity of CVE-2025-32463

The second vulnerability, CVE-2025-32463, abuses Sudo's -R (chroot) option to run arbitrary commands as root, including commands that are not listed in the sudoers file at all. This is critical because, as Mirch stated, the default Sudo configuration is vulnerable: any local unprivileged user can escalate to root on a system running an affected Sudo version.

In practical terms, the flaw lets an attacker trick Sudo into loading arbitrary shared libraries by placing a crafted /etc/nsswitch.conf inside a user-specified root directory, which leads to command execution with root privileges on affected systems.

Future Precautions and Fixes

In light of these vulnerabilities, Miller has announced plans to remove the chroot option from an upcoming Sudo release, citing how error-prone it is. Following responsible disclosure on April 1, 2025, both issues were patched in Sudo version 1.9.17p1, released shortly thereafter. Linux distributions that ship Sudo, including AlmaLinux, Debian, and Ubuntu, have issued their own advisories.

Users should apply the latest updates to protect their systems. Keeping Linux desktop distributions current and ensuring the installed Sudo is the latest version mitigates the risk from these vulnerabilities, and following security best practices provides a stronger defense against exploitation.
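Two defender-side checks follow from the article: whether the installed Sudo predates the 1.9.17p1 fix, and whether a sudoers file contains per-host rules (hosts other than ALL or the local machine), which is the shared-sudoers layout Miller describes as the main exposure for CVE-2025-32462. The script below is an added example, not code from the article or the Sudo project. It assumes that `sudo --version` prints "Sudo version X.Y.ZpN" on its first line and that user specifications use the plain "user host=(runas) command" form; aliases and @include files are not expanded, so treat the host check as a heuristic rather than a full sudoers parser. The sample sudoers content is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the article or the sudo project): two defender-side
# checks for the issues discussed above.
#  1. Is the installed sudo older than 1.9.17p1, the fixed release?
#  2. Does a sudoers file contain per-host rules (hosts other than ALL or this
#     machine), i.e. the shared-sudoers layout where CVE-2025-32462 matters?
# Assumptions: sudo prints "Sudo version X.Y.ZpN" on its first line, and the
# sudoers file uses the plain "user host=(runas) cmd" form. Alias expansion
# and @include files are not followed; treat the host check as a heuristic.

# Map "1.9.17p1" to a sortable integer: major*1e9 + minor*1e6 + patch*1e3 + p.
# A version without a "pN" suffix gets p=0, so 1.9.17 sorts before 1.9.17p1.
sudo_version_key() {
    ver=$1
    base=${ver%%p*}
    case $ver in
        *p*) p=${ver##*p} ;;
        *)   p=0 ;;
    esac
    oldifs=$IFS
    IFS='.'
    set -- $base
    IFS=$oldifs
    echo $(( ${1:-0} * 1000000000 + ${2:-0} * 1000000 + ${3:-0} * 1000 + $p ))
}

# True (exit 0) when the given version predates the 1.9.17p1 fix.
sudo_is_vulnerable() {
    [ "$(sudo_version_key "$1")" -lt "$(sudo_version_key 1.9.17p1)" ]
}

# Print every host in a sudoers user specification that is neither ALL nor
# the host name given as $2. Any output means the file carries rules for
# other machines, the shared-sudoers case relevant to CVE-2025-32462.
sudoers_nonlocal_hosts() {
    awk -v me="$2" '
        /^[ \t]*#/ || /^[ \t]*$/           { next }   # comments and blank lines
        /^[ \t]*Defaults/ || /_Alias[ \t]/ { next }   # Defaults and alias definitions
        index($0, "=") == 0                { next }   # not a user specification
        {
            lhs = substr($0, 1, index($0, "=") - 1)   # "user hosts" before "="
            sub(/^[ \t]+/, "", lhs)
            if (split(lhs, f, /[ \t]+/) < 2) next
            n = split(f[2], hosts, ",")
            for (i = 1; i <= n; i++)
                if (hosts[i] != "ALL" && hosts[i] != me) print hosts[i]
        }' "$1"
}

# Constructed sample sudoers (not from any real system); prints the temp path.
write_sample_sudoers() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Defaults        env_reset
Host_Alias      WEB = web1, web2
root            ALL=(ALL:ALL) ALL
%admin          ALL=(ALL) ALL
alice           web1,web2=(ALL) /usr/bin/systemctl
bob             buildhost=(root) /usr/bin/make
EOF
    echo "$f"
}

# Stand-alone run: report on the installed sudo (if any) and the sample file.
if command -v sudo >/dev/null 2>&1; then
    installed=$(sudo --version 2>/dev/null | sed -n '1s/^Sudo version //p')
    if [ -n "$installed" ]; then
        if sudo_is_vulnerable "$installed"; then
            echo "sudo $installed is older than 1.9.17p1: update it"
        else
            echo "sudo $installed includes the 1.9.17p1 fixes"
        fi
    fi
fi
sample=$(write_sample_sudoers)
echo "Hosts other than ALL or web1 in the sample sudoers:"
sudoers_nonlocal_hosts "$sample" web1
rm -f "$sample"
```

Run it as an unprivileged user; `sudo --version` needs no elevated rights. Point `sudoers_nonlocal_hosts` at a copy of the real file (reading /etc/sudoers itself requires root), and remember that a version number alone is not conclusive on distributions that backport fixes without changing the upstream version string; their advisories are the authority there.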

By staying informed and vigilant, users can better protect their systems from such vulnerabilities and maintain a robust security posture in the face of evolving cyber threats.
