CVE-2025-32463

🗓️ 30 Jun 2025 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 70 Media mentions👁 510 Views🌐 WEB

Sudo before version 1.9.17p1 allows local users to gain root access via nsswitch.conf exploit

Reporter	Title	Published	Views	Family All 163
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	30 Oct 202508:47	–	githubexploit
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	8 Aug 202520:00	–	githubexploit
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	2 Oct 202508:29	–	githubexploit
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	14 Jul 202523:07	–	githubexploit
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	17 Jul 202505:57	–	githubexploit
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	6 Jul 202521:15	–	githubexploit
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	9 Jul 202519:10	–	githubexploit
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	30 Sep 202500:23	–	githubexploit
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	9 Aug 202513:18	–	githubexploit
GithubExploit	Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo	19 Oct 202514:22	–	githubexploit

NVD

Vulners

CNA

Node

sudo_project sudoRange1.9.14–1.9.17

sudo_project sudoMatch1.9.17-

Node

canonical ubuntu_linuxMatch22.04lts

canonical ubuntu_linuxMatch24.04lts

canonical ubuntu_linuxMatch24.10-

canonical ubuntu_linuxMatch25.04-

debian debian_linuxMatch11.0

debian debian_linuxMatch12.0

debian debian_linuxMatch13.0

opensuse leapMatch15.6

redhat enterprise_linuxMatch10.0

suse linux_enterprise_desktopMatch15sp6

suse linux_enterprise_desktopMatch15sp7

suse linux_enterprise_real_timeMatch15.0sp2

suse linux_enterprise_real_timeMatch15.0sp6

suse linux_enterprise_real_timeMatch15.0sp7

suse linux_enterprise_server_for_sapMatch12sp6

suse linux_enterprise_server_for_sapMatch12sp7

[
  {
    "defaultStatus": "unaffected",
    "product": "Sudo",
    "vendor": "Sudo project",
    "versions": [
      {
        "lessThan": "1.9.17p1",
        "status": "affected",
        "version": "1.9.14",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
vicarius	www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability
explore	www.explore.alas.aws.amazon.com/CVE-2025-32463.html
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-32463
sudo	www.sudo.ws/releases/changelog/
bugs	www.bugs.gentoo.org/show_bug.cgi
secpod	www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/
suse	www.suse.com/security/cve/CVE-2025-32463.html
openwall	www.openwall.com/lists/oss-security/2025/06/30/3
ubuntu	www.ubuntu.com/security/notices/USN-7604-1
sudo	www.sudo.ws/security/advisories/

Parameter	Position	Path	Description	CWE
passwd	path	/etc/nsswitch.conf	Malicious nsswitch.conf loaded by sudo in a user-controlled chroot can direct NSS to load attacker-controlled libraries	CWE-829
group	path	/etc/nsswitch.conf	Malicious nsswitch.conf loaded by sudo in a user-controlled chroot can direct NSS to load attacker-controlled libraries	CWE-829
shadow	path	/etc/nsswitch.conf	Malicious nsswitch.conf loaded by sudo in a user-controlled chroot can direct NSS to load attacker-controlled libraries	CWE-829
woot1337	path	libnss_/woot1337.so.2	Malicious NSS shared library loaded when sudo resolves NSS data inside chroot	CWE-829

05 Nov 2025 19:26Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.8 - 9.3

EPSS0.57345

SSVC