Critical Sudo Vulnerabilities Expose Millions of Linux Systems to Root Attacks

Security researchers have uncovered two vulnerabilities in the Sudo command-line tool, a core utility on Linux and Unix-like systems. These flaws, tracked as CVE-2025-32462 and CVE-2025-32463, enable local users to escalate their privileges to root, granting them full control over affected machines.

CVE-2025-32462 exploits the Sudo host option, allowing users to execute commands on unauthorized machines by bypassing host-based restrictions in the sudoers file. CVE-2025-32463, considered critical, leverages the chroot option to let attackers load malicious libraries and gain root access, even without explicit sudo permissions.

The vulnerabilities impact a wide range of Linux distributions, including Ubuntu, Fedora, Debian, and SUSE, and extend to macOS Sequoia. With Sudo present on nearly every Linux system, the exposure is vast, and immediate action is required.

Widespread Impact Across Major Linux Distributions

The reach of these vulnerabilities is extensive due to Sudo’s near-universal deployment in enterprise, cloud, and personal Linux environments. Systems running Sudo versions 1.9.14 through 1.9.17 are especially at risk, with legacy and stable branches both affected by CVE-2025-32462. CVE-2025-32463 is present in versions 1.9.14 to 1.9.17, introduced by changes in path resolution during chroot operations.

Organizations using shared sudoers files or LDAP-based sudoers are particularly vulnerable, as the host-based flaw can be exploited across multiple machines. The chroot vulnerability, meanwhile, requires no specific sudo rules, exposing even default configurations to privilege escalation.

Security advisories from major Linux vendors confirm that both vulnerabilities can be exploited for root access, and no effective workaround exists other than immediate patching.

Did you know?
The Sudo host option vulnerability (CVE-2025-32462) remained undetected for over 12 years, affecting millions of systems worldwide since its introduction in 2013.

Why These Vulnerabilities Went Undetected for Over a Decade

CVE-2025-32462 has existed in Sudo’s codebase for more than 12 years, introduced with the host option in 2013. The flaw allowed users to specify a different host and bypass intended restrictions, a logic error that evaded detection despite Sudo’s critical security role.

CVE-2025-32463 emerged from a recent change in how Sudo handles chroot environments, inadvertently allowing attackers to inject malicious configuration files and escalate privileges. Both vulnerabilities highlight the risks of legacy code and the challenge of securing foundational open-source utilities.

The discovery points out the value of continuous code review and the complexity of privilege management in large, distributed environments.

ALSO READ | Chinese Hackers Breach French Government and Telecoms Using Ivanti CSA Zero-Days

Immediate Mitigation Steps for Administrators

Security experts and project maintainers urge all Linux administrators to upgrade Sudo to version 1.9.17p1 or later without delay. The patched release restricts the host option to listing operations only and addresses the flaw in chroot path resolution.

Given the lack of viable workarounds, prompt patching is the only effective defense. Automated patch management solutions and thorough testing in staging environments are recommended to ensure smooth deployment and minimize operational risk.

Failure to update leaves systems open to local privilege escalation, potentially resulting in data breaches, service disruptions, or lateral movement by attackers within enterprise networks.

The Broader Implications for Open Source Security

These Sudo vulnerabilities serve as a stark reminder of the persistent risks in widely used open-source infrastructure. As attackers increasingly target privilege escalation vectors, organizations must prioritize timely updates and robust configuration management.

The flaws also highlight the need for ongoing investment in open-source security audits and the adoption of best practices for privilege delegation. With Sudo’s ubiquity, even minor oversights can have global consequences, reinforcing the urgency of proactive vulnerability management.

Industry leaders stress that transparency and rapid response are essential to maintaining trust in the open-source ecosystem and protecting critical digital infrastructure.