A critical elevation of privilege vulnerability has been discovered in the popular Linux utility known as Sudo. Security researchers also found another dangerous flaw that has been lying hidden for more than a decade. Sudo is a privileged command-line tool that is installed on ninety-nine percent of all Linux servers. This means around thirty to fifty million endpoints in the United States alone could be potentially affected. The utility is often used to implement least privilege access by delegating many different important administrator tasks.
The first vulnerability, CVE-2025-32463, enables local users to gain full root access to a targeted system. This is accomplished through the abuse of the chroot function, which is a standard feature of the utility. The issue arises from allowing an unprivileged user to invoke chroot() on a writable, untrusted path. The issue affects Sudo versions 1.9.14 through 1.9.17 and has been verified on Ubuntu and Fedora Server. Sudo users are now being urged to install Sudo version 1.9.17p1 or later to fix this vulnerability.
The same security vendor found a second elevation of privilege bug in Sudo that has gone unnoticed for twelve years.
The vulnerability, CVE-2025-32462, allows unauthorized users to gain root access on affected systems. It exploits a fundamental flaw in how Sudo processes the host option when used with certain commands. No exploit is needed to elevate privileges in this case as it leverages built-in Sudo functionality. The vulnerability has been verified on recent versions of both the Ubuntu and macOS Sequoia operating systems.
It is important to understand that long-undetected vulnerabilities like this highlight critical gaps in security visibility.
These exposures are not just technical failures, they are operational risks that can undermine user trust. Business leaders must prioritize an immediate audit of their environment to identify where similar blind spots exist. System administrators should immediately update to Sudo version 1.9.17p1 or later to address this vulnerability. No workaround currently exists for this issue, making prompt patching essential for maintaining system security and integrity.
Reference:
