SUDO VULNERABILITY


impeeza


GRAVE SUDO VULNERABILITY!!!


Cybersecurity researchers have disclosed two local privilege escalation vulnerabilities in the Sudo command-line utility for Linux and Unix-like systems that could allow attackers to gain root access and potentially take full control of affected enterprise machines.

Vulnerabilities are listed below:

  1. CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines
  2. CVE-2025-32463 (CVSS score: 9.3) - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option

Recommendations:

  • Prioritize patching both bugs, even though only one of them received a critical CVSS rating.
  • Monitor system logs for suspicious sudo activity, watch for unauthorized privilege escalation, and audit sudo configurations to restrict access to necessary users (CVE-2025-32462).

Platform Affected:


CVE             Affected versions       Fixed versions
CVE-2025-32462  Sudo before 1.9.17p1    Update via normal methods depending on vendor contract.
CVE-2025-32463  Sudo before 1.9.17p1    Update via normal methods depending on vendor contract.

Active Exploits:

None reported at this time.
 
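As an added defender-side example (not part of the original post, and not the sudo project's own code): a small Python script that does the three things the advisory asks for. It compares a sudo version string against the fixed release 1.9.17p1, flags sudoers user specs whose Host field names anything other than ALL or the local host (the configuration CVE-2025-32462 concerns), and picks out sudo log lines that record a chroot (the option CVE-2025-32463 concerns). The sudoers text and log lines are constructed samples; that sudo writes the chroot directory as a CHROOT= field, and that Host_Alias names are left unresolved, are assumptions of this example.

```python
"""Constructed defender-side triage for the two sudo CVEs in the post above.

Three checks: (1) compare a sudo version string with the fixed release,
(2) find sudoers user specs whose Host field is neither ALL nor this host
(the configuration CVE-2025-32462 concerns), (3) pick sudo log lines that
record a chroot (the option CVE-2025-32463 concerns). Example code, not
the sudo project's own; the sample data below is constructed.
"""
import re
import socket

FIXED_VERSION = "1.9.17p1"  # fixed release named in the advisory


def parse_version(text: str) -> tuple:
    """'1.9.16p2' or 'Sudo version 1.9.16p2' -> (1, 9, 16, 2); the 'pN'
    suffix sorts after the plain release, so 1.9.17 < 1.9.17p1."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def is_vulnerable_version(text: str) -> bool:
    return parse_version(text) < parse_version(FIXED_VERSION)


# Lines that are not user specs and are skipped by the sudoers audit.
NON_USER_SPEC = ("Defaults", "Host_Alias", "User_Alias", "Cmnd_Alias", "Runas_Alias")
USER_SPEC = re.compile(r"^(\S+)\s+([^=\s]+)\s*=")


def host_specific_entries(sudoers_text: str, local_host: str) -> list:
    """(user, [hosts]) for every user spec whose Host list names something
    other than ALL or local_host. Assumption: Host_Alias names are not
    resolved here, so an alias in the Host field is reported as-is."""
    findings = []
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line or line.startswith(NON_USER_SPEC):
            continue
        m = USER_SPEC.match(line)
        if not m:
            continue
        user, host_field = m.groups()
        other = [h.strip() for h in host_field.split(",")
                 if h.strip() not in ("ALL", local_host)]
        if other:
            findings.append((user, other))
    return findings


# 'KEY=value ;' fields as sudo writes them to syslog.
LOG_FIELD = re.compile(r"(\w+)=([^;]+?)\s*(?:;|$)")


def parse_sudo_log_line(line: str) -> dict:
    """Return {'invoker': user, 'TTY': ..., 'COMMAND': ...} for a sudo command
    log line, or {} for other sudo messages (PAM session lines etc.)."""
    m = re.search(r"sudo:\s+(\S+)\s+:\s+(.*)$", line)
    if not m:
        return {}
    fields = {"invoker": m.group(1)}
    for key, value in LOG_FIELD.findall(m.group(2)):
        fields[key] = value.strip()
    return fields


def chroot_invocations(log_lines) -> list:
    """(invoker, chroot_dir, command) for lines carrying a CHROOT= field.
    Assumption: sudo logs the -R/--chroot directory as 'CHROOT=<dir>'."""
    hits = []
    for line in log_lines:
        f = parse_sudo_log_line(line)
        if "CHROOT" in f:
            hits.append((f["invoker"], f["CHROOT"], f.get("COMMAND", "")))
    return hits


# Constructed sample inputs (not taken from any real host).
SAMPLE_SUDOERS = """\
Defaults    env_reset
Host_Alias  WEB = web01, web02
root        ALL=(ALL:ALL) ALL
%admin      ALL=(ALL) ALL
deploy      web01=(root) /usr/bin/systemctl restart nginx   # host-specific
backup      ALL,db01=(root) NOPASSWD: /usr/bin/rsync
"""
SAMPLE_LOG = [
    "Jul  1 10:02:11 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
    "Jul  1 10:02:12 web01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)",
    "Jul  1 10:05:40 web01 sudo:      bob : TTY=pts/1 ; CHROOT=/tmp/stage ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/id",
]

if __name__ == "__main__":
    host = socket.gethostname()
    print("vulnerable version:", is_vulnerable_version("Sudo version 1.9.16p2"))
    print("host-specific sudoers entries:", host_specific_entries(SAMPLE_SUDOERS, host))
    print("chroot invocations:", chroot_invocations(SAMPLE_LOG))
```

Run it as-is to see the checks against the constructed samples; on a real box, feed it `sudo -V | head -1`, the contents of /etc/sudoers and /etc/sudoers.d/*, and your syslog or journal lines for the sudo unit. A host-specific entry is not itself a bug, but it is exactly the configuration the first CVE turns into a problem on unpatched versions, so those entries deserve a second look before and after patching.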
"sudo su -" - the only thing you ever need to do with sudo. There are use cases where sudo is good, certain users having access to a limited set of privileged commands etc., but IMNSHO having to type more probably causes more "rm -R /*" misfires than it prevents. Both vulns seem to affect a pretty rare-ish set of circumstances though. The latter even seems to be loonix only.
 
sudo su is so funny because I remember when people told you not to use su with sudo... but now it doesn't work any other way LOL.
 
"sudo su -" - only thing you ever need to do with sudo.
That's basically becoming root, not so recommended :D (safer to run individual commands instead)
sudo exists so that you can do something as a different user. Using it to switch to the actual root user is overkill for most things.

Of course, if you fully know what you're doing, do whatever you want; if you have root access it's your machine (hopefully :D)
 

The thing is this isn't even some memory corruption or anything odd like that. It's just a straight-up flaw in the logic.
 
For non linux users, there is something worth mentioning here.

sudo itself isn't baked into the kernel. As in, it's just a program. Meaning that in a lot of scenarios it can be uninstalled and a root account used instead. Some systems do this for security's sake, where they don't want users having any chance to escalate at all.
The other important thing to mention is that, as far as I know, it's not an RCE. It's local only, meaning that generally speaking either an attacker has to have physical access to your machine, or you download a compromised binary online.

Oh and the exploit is already fixed, and given how severe the vulnerability is, it's bound to be fixed in slower moving distros if they haven't already. Because despite it not being an RCE, it bypasses the entire security structure Linux has regarding user and group policy permissions.
 
That's basically becoming root, not so recommended :D (safer to run individual commands instead)
sudo exists so that you can do something as a different user. using it to switch to the actual root user is overkill for most things.

of course, if you fully know what you're doing, do whatever you want, if you have root access it's your machine (hopefully :D)
Still pretty silly to install by default on one-user machines, or even corporate servers you have full access to. It does not prevent any user mistakes in the end and can even cause those due to the bother of extra typing. Of course, running su via sudo can prevent the exposure of the (master) root password, which can mitigate problems in shared-password environments.
 
"sudo su -" - the only thing you ever need to do with sudo. There are use cases where sudo is good, certain users having access to a limited set of privileged commands etc., but IMNSHO having to type more probably causes more "rm -R /*" misfires than it prevents. Both vulns seem to affect a pretty rare-ish set of circumstances though. The latter even seems to be loonix only.

rm now has protections in place to try and prevent this, so you'd have to be trying to break the system "--no-preserve-root"

https://linux.die.net/man/1/rm

Sudo makes sense considering things like package managers from terminal, modifying system files, etc.

Just yesterday I needed to modify a system's login script and the EFI system partition.

There are also numerous times I've encountered where I need root access but switching to root is unnecessary e.g. following a guide installing dependencies using a package manager.

On a side note, I usually use "sudo -s".

Still pretty silly to install by default on one-user machines, or even corporate servers you have full access to. It does not prevent any user mistakes in the end and can even cause those due to the bother of extra typing. Of course, running su via sudo can prevent the exposure of the (master) root password, which can mitigate problems in shared-password environments.

You can control who has access to sudo using the sudoers file.

It was actually annoying on one distro where I had to manually add my account to sudoers and on a different distro where I needed root login I had to manually enable it because they wanted you to use sudo.

Overall I think it makes sense by default on regular desktop systems, especially for the initial admin user.
 
sudo is great, and has a lot of features, but it's all bloat for the average user and it adds a major unnecessary attack surface imho. I prefer to use opendoas instead.
 
