The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a critical security flaw to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of its active exploitation. The vulnerability affects Sudo, a command-line utility for Linux and Unix-like operating systems that allows users to run programs with the security privileges of another user, often the root user.
The flaw, tracked as CVE-2025-32463, has a CVSS score of 9.3, indicating its high severity. Discovered by Stratascale researcher Rich Mirch in July 2025, the vulnerability impacts Sudo versions older than 1.9.17p1. It is described as an “inclusion of functionality from an untrusted control sphere vulnerability,” which could enable a local attacker to bypass security checks and run arbitrary commands as a root user, even if they aren’t authorized to do so in the sudoers file.
While the specifics of how the flaw is being exploited in real-world attacks remain unknown, CISA’s action highlights the urgency for organizations to address it. In addition to the Sudo vulnerability, CISA also added four other flaws to its KEV catalog: CVE-2021-21311, a server-side request forgery vulnerability in Adminer; CVE-2025-20352, a stack-based buffer overflow in Cisco IOS and IOS XE; CVE-2025-10035, a deserialization of untrusted data flaw in Fortra GoAnywhere MFT; and CVE-2025-59689, a command injection vulnerability in Libraesva Email Security Gateway (ESG). These additions underscore a proactive effort to track and mitigate flaws that cybercriminals are actively using.
Each of the newly listed vulnerabilities has its own unique risks and has been tied to specific threat actors or disclosure events. For example, the Adminer flaw was exploited by a threat actor named UNC2903 to target AWS IMDS setups, while the Cisco, Fortra, and Libraesva vulnerabilities were all recently disclosed as actively exploited. This variety demonstrates that threat actors are not focusing on one type of system but rather exploiting a diverse range of vulnerabilities across different platforms and software.
Given the active exploitation of these vulnerabilities, federal agencies are under a strict directive from CISA to apply the necessary patches and mitigations. For the Sudo flaw, Federal Civilian Executive Branch (FCEB) agencies have until October 20, 2025, to secure their networks. This deadline is a clear signal of the serious risk these unpatched vulnerabilities pose to government infrastructure and the broader cybersecurity landscape.
Reference:
