Critical Sudo Bugs Hand Attackers Root Access – Patch Now

Security researchers have uncovered two flaws in the ubiquitous Sudo utility that let any local user on vulnerable Linux and Unix-like systems gain root.
• CVE-2025-32462 (CVSS 2.8) – a 12-year-old bug in the -h host option lets commands permitted for a different host run on the local machine.
• CVE-2025-32463 (CVSS 9.3) – by abusing the -R chroot option, an attacker can supply a rogue /etc/nsswitch.conf inside a fake root and load arbitrary libraries, achieving full privilege escalation.
Both issues are fixed in Sudo 1.9.17p1 released in late June 2025; major Linux vendors have issued patches and plan to remove the chroot feature altogether.

What’s happened?

Two newly disclosed vulnerabilities in the Sudo command, which is found on virtually every Linux distribution, allow any logged-in user to become root in seconds. The flaws were reported by Stratascale researcher Rich Mirch and affect Sudo versions prior to 1.9.17p1.

CVE-2025-32462
• Severity: Medium
• How it works: sudo -h <other-host> mistakenly executes permitted remote-host commands locally.
• Who is at risk: sites that share the same sudoers file across multiple machines or use LDAP/SSSD-based sudo rules.

CVE-2025-32463
• Severity: Critical
• How it works: sudo -R <dir> loads the attacker’s own nsswitch.conf, letting them inject a malicious library and run it as root.
• Who is at risk: any default Sudo install – no special sudoers rules are needed.

Why it matters
• Universal impact – Sudo ships by default on Red Hat, Ubuntu, Debian, SUSE, Amazon Linux and more.
• Low bar to exploit – only local shell access is required. No passwordless rules, no special groups.
• Long-standing weakness – the host-option bug has been present for over a decade.

What to do
1. Update Sudo to 1.9.17p1 or later via your distro’s package manager.
2. Verify that sudo -V shows the patched build.
3. Consider removing any unnecessary -R chroot usage; the Sudo project plans to drop the option in a future release.
4. If you distribute a central sudoers file, audit host-specific rules immediately.
Patches are already available from AlmaLinux, Alpine, Amazon Linux, Debian, Gentoo, Oracle Linux, Red Hat, SUSE and Ubuntu.
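The checks in steps 2 and 4 can be scripted. The POSIX sh below is an added example written for this article, not code from the Sudo project or the article's author. It parses the version line of sudo -V, compares it against the fixed release 1.9.17p1, and scans a sudoers file for host-specific rules and for chroot usage. It assumes the sudoers spellings CHROOT= (rule tag) and runchroot (Defaults option) for the chroot feature, and the sample sudoers it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Added example for this article (not code from the Sudo project or the
# article's author): check a Sudo version string against the fixed release
# 1.9.17p1 and audit a sudoers file for the two things the advisory calls
# out, host-specific rules and chroot (-R / CHROOT=) usage. The sudoers
# content written by write_sample_sudoers is constructed for this example.

# Extract "1.9.17p1" from the first line of `sudo -V` output
# ("Sudo version 1.9.17p1"). Prints an empty string if no version is found.
sudo_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p' | head -n 1
}

# Return 0 when VERSION (e.g. 1.9.16p2, 1.9.17, 1.9.17p1) is at least
# 1.9.17p1, the release that fixes CVE-2025-32462 and CVE-2025-32463.
sudo_version_is_patched() {
    ver="$1"
    [ -n "$ver" ] || return 1
    base="${ver%%p*}"                  # "1.9.17"
    case "$ver" in
        *p*) plevel="${ver##*p}" ;;    # "1"
        *)   plevel=0 ;;
    esac
    major="${base%%.*}"
    rest="${base#*.}"
    minor="${rest%%.*}"
    patch="${rest#*.}"
    [ "$patch" = "$rest" ] && patch=0  # version had no third component
    # Pack the four parts into one integer so a single comparison orders them.
    key=$((major * 1000000 + minor * 10000 + patch * 100 + plevel))
    fixed=$((1 * 1000000 + 9 * 10000 + 17 * 100 + 1))
    [ "$key" -ge "$fixed" ]
}

# Print one line per finding in a sudoers file:
#   CHROOT:        a rule or Defaults line using the chroot feature
#   HOST-SPECIFIC: a user rule whose host field is not ALL (the kind of rule
#                  CVE-2025-32462 lets a user run on the wrong machine)
# Comments, blank lines and alias definitions are skipped.
audit_sudoers() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        /CHROOT=|runchroot/                 { print "CHROOT: " $0 }
        /^[[:space:]]*(Defaults|User_Alias|Host_Alias|Cmnd_Alias|Runas_Alias)/ { next }
        index($0, "=") == 0                 { next }
        {
            spec = $0
            sub(/^[[:space:]]+/, "", spec)        # drop indentation
            sub(/[[:space:]]*=.*/, "", spec)      # keep "user host" only
            split(spec, f, /[[:space:]]+/)
            if (f[2] != "ALL") print "HOST-SPECIFIC: " $0
        }
    ' "$1"
}

# Write a constructed sample sudoers file (example data, not a real policy).
write_sample_sudoers() {
    cat > "$1" <<'EOF'
# constructed sample for this example
Defaults env_reset
Host_Alias WEBSERVERS = web1, web2
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
alice WEBSERVERS = (root) /usr/bin/systemctl restart nginx
bob build-01.example.com = NOPASSWD: /usr/bin/make
carol ALL = CHROOT=/srv/jail /bin/sh
EOF
}

# Demo: audit the constructed sample, then check the local sudo if present.
tmp=$(mktemp)
write_sample_sudoers "$tmp"
audit_sudoers "$tmp"
rm -f "$tmp"
if command -v sudo >/dev/null 2>&1; then
    v=$(sudo_version_from_output "$(sudo -V 2>/dev/null || true)")
    if sudo_version_is_patched "$v"; then
        echo "sudo $v: patched (>= 1.9.17p1)"
    else
        echo "sudo ${v:-unknown}: NOT patched, update to 1.9.17p1 or later"
    fi
fi
```

Run it as any user: sudo -V prints its version line without needing a rule. To audit a real policy, call audit_sudoers /etc/sudoers (and each file under /etc/sudoers.d) as root; every HOST-SPECIFIC line is one to review under step 4, and every CHROOT line is a candidate for removal under step 3.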