Critical Linux sudo Vulnerability (CVE‑2025‑32463) Enables Root Privilege Escalation
Borncity reported on July 1 that a critical sudo vulnerability (CVE‑2025‑32463) in Linux, caused by mishandling of /etc/nsswitch.conf and flawed options like –host, –h and –chroot, –R, can allow attackers to execute arbitrary code and elevate privileges to root, affecting sudo versions 1.9.14‑1.9.17.
Technology media Borncity published a blog on July 1 reporting a serious vulnerability in the Linux sudo command that can be exploited to gain root-level privileges.
The vulnerability, tracked as CVE‑2025‑32463, stems from improper handling of the /etc/nsswitch.conf file, potentially allowing unauthorized root access.
Specifically, the sudo command is vulnerable when using the “-host, -h” options, originally intended for remote command execution, but can be abused for privilege escalation and unauthorized execution on remote hosts.
Additionally, using the “-chroot, -R” parameters also contains a flaw that permits arbitrary code execution, compromising the sudoers file’s restrictions. The sudoers file is a critical policy file that defines user sudo permissions.
Affected sudo versions range from 1.9.14 to 1.9.17, and sudo 1.9.17p1 has already patched the issue.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.