Notification regarding two new vulnerabilities in SUDO
Published: July 3, 2025

Overview:
The Stratascale Cyber Research Unit (CRU) team has identified two vulnerabilities in the Sudo utility. These vulnerabilities can result in the escalation of privileges to root on the impacted system.
One is a bug in the --host option, and the second leverages a flaw in the --chroot option. The easiest solution is to patch to the latest version as soon as reasonably possible to address both.
Summary:
The sudo utility (short for “superuser do”) is a command-line utility used in Unix-like operating systems, such as Linux and macOS, that allows a permitted user to run a command as another user, typically the root (administrator) user.
For CVE-2025-32462, the flaw lies with the --host option, which was intended to be used in conjunction with --list to view sudo privileges for a different host. Due to a bug, users could run commands (not just list them) on hosts for which they weren’t authorized. This undermines host-based restrictions in the sudoers file. No workaround exists for this issue.
The flaw identified for CVE-2025-32463 lies in the --chroot (-R) option of sudo, which allows users to run commands in a restricted root directory. Although the vulnerability involves the Sudo chroot feature, it does not require any Sudo rules to be defined for the user. The default Sudo configuration is vulnerable.
Vulnerability details:
- CVE: CVE-2025-32462 | CVSS: NA
- CVE: CVE-2025-32463 | CVSS: NA
- Affected versions (combined ranges for the two CVEs):
  - Stable 1.9.0 – 1.9.17
  - Legacy 1.8.8 – 1.8.32
- Exploitation has been verified on:
  - Ubuntu 24.04.1; Sudo 1.9.15p5, Sudo 1.9.16p2
  - Fedora 41 Server; Sudo 1.9.15p5
Recommendations:
Install sudo 1.9.17p1 or later.
The chroot option is now deprecated as of 1.9.17p1. It is recommended to avoid using the chroot options, as this could unintentionally make your environment less secure if not implemented properly.
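To check a host against the version ranges listed above, the following added example (not part of the original notification or the sudo project) parses a sudo version string, including the `pN` patch suffix, and classifies it relative to 1.9.17p1. The function names and the `not-listed` and `unknown` labels are assumptions made for illustration, and the sample versions in the loop are constructed.

```shell
#!/bin/sh
# Added example: classify a sudo version against the ranges in this advisory.
# Affected per the advisory: 1.8.8 - 1.8.32 and 1.9.0 - 1.9.17; fixed: 1.9.17p1.

# Convert "1.9.15p5" to one comparable integer; fail on anything unparsable.
sudo_ver_key() {
    n='(0|[1-9][0-9]*)'                 # a number without leading zeros
    printf '%s\n' "$1" | grep -Eq "^$n\.$n\.$n(p$n)?\$" || return 1
    base=${1%%p*}                       # "1.9.15"
    patch=0
    case $1 in *p*) patch=${1##*p} ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base                        # $1=major $2=minor $3=micro
    IFS=$old_ifs
    echo $(( $1 * 1000000000 + $2 * 1000000 + $3 * 1000 + patch ))
}

# Map a version to: affected | fixed | not-listed (older than 1.8.8) | unknown.
classify_sudo_version() {
    key=$(sudo_ver_key "$1") || { echo unknown; return 0; }
    if [ "$key" -lt "$(sudo_ver_key 1.8.8)" ]; then echo not-listed
    elif [ "$key" -lt "$(sudo_ver_key 1.9.17p1)" ]; then echo affected
    else echo fixed
    fi
}

# The first line of `sudo -V` reads "Sudo version <version>".
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p'
}

# Constructed sample versions, then the local binary if one is present.
for v in 1.8.7 1.8.32 1.9.15p5 1.9.17 1.9.17p1 garbage; do
    printf '%-10s %s\n' "$v" "$(classify_sudo_version "$v")"
done
if command -v sudo >/dev/null 2>&1; then
    v=$(installed_sudo_version)
    printf 'installed: %s %s\n' "$v" "$(classify_sudo_version "$v")"
fi
```

Distribution packages can carry backported fixes under an older upstream version string, so treat an `affected` result as a prompt to check the vendor's advisory for that package.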
Support:
As always, please let us know if you have any questions or concerns or see unusual activity on your systems that you believe might be associated with this or any other vulnerability. Please send these communications to security.response@utoronto.ca.