CVE-2025-32463


CVSS 9.3 CRITICAL · EPSS 47.5% · KEV · CWE-829
In short

Sudo versions before 1.9.17p1 have a critical flaw: when the --chroot option is used, sudo reads configuration files from user-controlled directories, allowing local users to trick sudo into running commands as root.

Technical detail

A CWE-829 (Untrusted Search Path) vulnerability in sudo's --chroot functionality allows local privilege escalation through a malicious /etc/nsswitch.conf placed in an attacker-controlled directory. Exploitation requires local access and the ability to control directory contents before sudo is executed with --chroot; successful exploitation grants arbitrary command execution as root.

Summary generated and translated by AI from the official description.
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
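To triage hosts against the "before 1.9.17p1" boundary stated above, the following added example (not part of the original entry or of the sudo project) classifies collected `sudo -V` output. It assumes the first line has the form `Sudo version X.Y.ZpN`; the hostnames and outputs in the sample inventory are constructed.

```python
import re

# Fixed release named in this entry: sudo "before 1.9.17p1" is affected.
FIXED = (1, 9, 17, 1)

# Assumed first line of `sudo -V`, e.g. "Sudo version 1.9.15p5".
_VERSION_RE = re.compile(r"^Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?(\S*)", re.M)


def parse_sudo_version(sudo_v_output):
    """Return (major, minor, patch, plevel), or None if the string is not understood."""
    m = _VERSION_RE.search(sudo_v_output)
    if m is None or m.group(5):
        # No version line, or an unrecognised suffix (e.g. a pre-release tag):
        # refuse to guess rather than mis-order the version.
        return None
    major, minor, patch, plevel = m.groups()[:4]
    # A release without a "pN" suffix sorts before its p1 (1.9.17 < 1.9.17p1).
    return (int(major), int(minor), int(patch), int(plevel or 0))


def assess(sudo_v_output):
    """Classify one host's `sudo -V` output as 'affected', 'fixed' or 'unknown'."""
    version = parse_sudo_version(sudo_v_output)
    if version is None:
        return "unknown"
    return "affected" if version < FIXED else "fixed"


def triage(inventory):
    """Map hostname -> verdict for a dict of hostname -> `sudo -V` output."""
    return {host: assess(out) for host, out in inventory.items()}


# Constructed sample inventory (hostnames and outputs are made up for this example).
SAMPLE = {
    "build01": "Sudo version 1.9.15p5\nSudoers policy plugin version 1.9.15p5\n",
    "web02": "Sudo version 1.9.17\n",
    "db03": "Sudo version 1.9.17p1\n",
    "jump04": "Sudo version 1.9.18\n",
    "lab05": "Sudo version 1.9.17rc1\n",
    "old06": "sudo: command not found\n",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

Distribution packages can carry a backported fix under an older upstream version string, so an "affected" verdict should be confirmed against the vendor's advisory for the installed package.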
Affected products
Sudo project · Sudo
Public PoCs found: 62
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
