CVE-2025-32463

CRITICAL CISA KEV
Published Jun 30, 2025 Modified Nov 5, 2025 CWE-829

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVSS v3.1 Score

9.3
CRITICAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Sep 29, 2025 Remediation due: Oct 20, 2025

Weakness Type (CWE)

CWE-829 CWE-829

Affected Products

Vendor Product
sudo_project sudo
sudo_project sudo
canonical ubuntu_linux
canonical ubuntu_linux
canonical ubuntu_linux
canonical ubuntu_linux
debian debian_linux
debian debian_linux
debian debian_linux
opensuse leap
redhat enterprise_linux
suse linux_enterprise_desktop
suse linux_enterprise_desktop
suse linux_enterprise_real_time
suse linux_enterprise_real_time
suse linux_enterprise_real_time
suse linux_enterprise_server_for_sap
suse linux_enterprise_server_for_sap

References

Frequently Asked Questions

What is CVE-2025-32463? +
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. It has a CVSS v3.1 base score of 9.3 (CRITICAL). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.
How severe is CVE-2025-32463? +
CVE-2025-32463 has a CVSS v3.1 score of 9.3 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2025-32463? +
CVE-2025-32463 affects products from canonical, debian, opensuse, redhat, sudo_project, suse, specifically: debian_linux, enterprise_linux, leap, linux_enterprise_desktop, linux_enterprise_real_time, linux_enterprise_server_for_sap, sudo, ubuntu_linux. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-32463? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-45482

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an …
CVE-2025-36852

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those …
CVE-2025-27510

conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the …
CVE-2025-24796

Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, …
CVE-2026-7373

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control …
CVE-2025-34060

A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-32463 — free, no signup required.

Start Free Scan