Security researchers have discovered a critical elevation of privilege (EoP) vulnerability in a popular Linux utility, and another that has been lying hidden for over a decade.
Sudo is a privileged command-line tool installed on 99% of Linux servers and workstations, which means around 30-50 million endpoints in the US alone, according to security vendor Stratascale.
The utility is often used to implement least privilege access by delegating admin tasks that require elevated privileges without sharing the root password, and also creating an audit trail in the system log, Stratascale explained.
However, CVE-2025-32463 undermines this by enabling local users to gain full root access to a targeted system, via abuse of the chroot function.
Read more on Sudo security issues: VMware Discloses Critical Vulnerabilities, Urges Immediate Remediation
“The issue arises from allowing an unprivileged user to invoke chroot() on a writable, untrusted path under their control. Sudo calls chroot() several times, regardless of whether the user has corresponding Sudo rule configured,” Stratascale explained.
“Allowing a low-privileged user the ability to call chroot() with root authority to a writable location can have various security risks.”
The issue, which was introduced in June 2023, affects Sudo versions 1.9.14 - 1.9.17, and has been verified on Ubuntu 24.04.1 and Fedora 41 Server. Sudo users are urged to install Sudo 1.9.17p1 or later to fix the critical vulnerability.
The same security vendor found a second EoP bug in Sudo versions Stable 1.9.0 - 1.9.17 and Legacy 1.8.8 - 1.8.32.
Remarkably, it has gone unnoticed for 12 years, having been introduced when the “host” option was implemented in the Sudo code. No exploit is needed to elevate privileges in this case.
“The issue can only be leveraged with specific configurations using the Host or Host_Alias directives, which are commonly used in enterprise environments,” Stratascale warned.
Although it’s classed only as a low-severity bug, users are urged to update to Sudo 1.9.17p1 or later to mitigate the issue.
“It’s important to understand that long-undetected vulnerabilities like this highlight critical gaps in visibility across digital infrastructures. These exposures aren’t just technical failures, they are operational risks that can undermine trust, identity and compliance,” argued Stratascale principal consultant, Rich Mirch.
“Business leaders must prioritize an immediate audit of their environment to identify where similar blind spots exist, ensure teams have the detection capabilities and response processes to avoid repeat scenarios and patch all vulnerable systems.”
Organizations should focus first on shared environments and systems in untrusted locations like internet-facing assets, he concluded.
“This vulnerability serves as a call to reassess how effectively your security investments are surfacing latent risks. If this one went undetected, it’s likely others have too,” said Mirch.
No tags.
