CVE-2025-32463


CVSS 9.3 CRITICAL · EPSS 47.5% · KEV · CWE-829
In short

Sudo before version 1.9.17p1 has a critical flaw in which it reads configuration files from user-controlled directories when the --chroot option is used, allowing local users to trick sudo into running commands as root.

Technical detail

A CWE-829 (Untrusted Search Path) vulnerability in sudo's --chroot option allows local privilege escalation through a malicious /etc/nsswitch.conf in attacker-controlled directories. Exploitation requires local access and the ability to control the directory's contents before sudo is run with --chroot; successful exploitation grants arbitrary command execution as root.

Summary generated and translated by AI from the official description.
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Sudo project · Sudo
Public PoCs found: 62
⚠ Public resources, so you can assess the exposure of systems you control or are authorized to test. Test only with authorization.
