CVE-2025-32463


CVSS 9.3 CRITICAL · EPSS 47.5% · KEV · CWE-829
In summary

Sudo before version 1.9.17p1 has a critical flaw: when the --chroot option is used, it reads configuration files from user-controlled directories, allowing local users to trick sudo into executing commands as root.

Technical detail

A CWE-829 (Untrusted Search Path) vulnerability in sudo's --chroot option allows local privilege escalation through a malicious /etc/nsswitch.conf placed in attacker-controlled directories. Exploitation requires local access and the ability to control the directory's contents before sudo is run with --chroot; successful exploitation grants arbitrary command execution as root.

Summary generated and translated by AI from the official description.
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Sudo project · Sudo
Public PoCs found: 62
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
