Redazione RHC: 3 October 2025 09:48
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a critical vulnerability in the Sudo utility to its Known Exploited Vulnerabilities (KEV) catalog. This effectively prompts government agencies to take immediate action to address the issue. The catalog was updated on Monday with the addition of four more vulnerabilities.
The vulnerability in question is CVE-2025-32463 (CVSS score 9.3), which affects all versions of Sudo prior to 1.9.17p1 on Linux distributions and other Unix-like systems.
“Sudo contains a vulnerability that allows third-party functionality to be invoked without verifying the scope of control,” the CISA publication states. “This vulnerability allows a local attacker to use the sudo -R (chroot) option to execute arbitrary commands as root, even if the attacker is not present in the sudo user list.”
CISA has ordered U.S. government agencies to mitigate the vulnerabilities in Sudo and four other software products by October 20.
Sudo is a command-line utility available on Linux and Unix-like systems. It allows unprivileged users to run commands as administrators or other privileged users. This allows for limited execution of actions that would normally require administrative privileges. The sudoers file is a list that defines user permissions and the commands they can execute using sudo.
The CISA publication does not provide details on how exactly the CVE-2025-32463 vulnerability is exploited. Information about the vulnerability became public in July of this year, when Stratascale researcher Rich Mirch published his analysis.
It is mentioned that exploitation has been confirmed on systems running Ubuntu 24.04.1 (Sudo 1.9.15p5, Sudo 1.9.16p2) and Fedora 41 Server (Sudo 1.9.15p5). The Hacker News publication also lists the Linux distributions whose developers and maintainers have issued security bulletins regarding this vulnerability: besides Ubuntu, these include Alpine Linux, Amazon Linux, Debian, Gentoo, and Red Hat.
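A version check for triaging hosts against the "prior to 1.9.17p1" boundary stated above, as an added example that is not part of the original article. The host names and the sample inventory are constructed, and the handling of `b`/`rc` pre-release suffixes is an assumption about Sudo's version naming. Distributions backport fixes without changing the upstream version string, so a host flagged here should be confirmed against the vendor's security bulletin.

```python
import re
import shutil
import subprocess

# First fixed upstream release according to the article.
FIXED = (1, 9, 17, 1)  # 1.9.17p1

# Matches "1.9.15p5", "1.9.17", and pre-releases such as "1.9.17rc1" / "1.9.17b2".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(p|b|rc)(\d+))?")


def parse_sudo_version(text):
    """Extract a sortable tuple from a version string or `sudo -V` output."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, micro, kind, num = m.groups()
    if kind == "p":
        level = int(num)   # patch level: 1.9.17p1 > 1.9.17
    elif kind in ("b", "rc"):
        level = -1         # pre-release sorts before the plain release
    else:
        level = 0
    return (int(major), int(minor), int(micro), level)


def is_affected(text):
    """True when the upstream version is older than 1.9.17p1."""
    return parse_sudo_version(text) < FIXED


def audit(inventory):
    """Return the hosts from (host, version) pairs that still need the update."""
    return [host for host, version in inventory if is_affected(version)]


def local_sudo_version():
    """First line of `sudo -V`, e.g. 'Sudo version 1.9.15p5'; None if sudo is absent."""
    if shutil.which("sudo") is None:
        return None
    out = subprocess.run(["sudo", "-V"], capture_output=True, text=True, check=True)
    return out.stdout.splitlines()[0]


# Constructed inventory: host names are made up, versions are those named in the article.
SAMPLE = [
    ("ubuntu-2404-a", "Sudo version 1.9.15p5"),
    ("ubuntu-2404-b", "Sudo version 1.9.16p2"),
    ("fedora-41", "Sudo version 1.9.15p5"),
    ("patched-host", "Sudo version 1.9.17p1"),
    ("unpatched-1917", "Sudo version 1.9.17"),
]
```

On a live host, pass the result of `local_sudo_version()` to `is_affected()`; for a fleet, feed `audit()` the version strings collected by your inventory tooling.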
“This isn’t the first time bugs have been discovered in sudo,” notes Alexander Zonov, an expert at the data processing company SEQ. “When this critical infrastructure, especially if it’s extremely widespread, becomes a weak link, the consequences can be quite dramatic. Therefore, fixing vulnerabilities should be a priority.”
CISA directs all U.S. federal agencies to take steps to address these vulnerabilities by October 20, 2025.