Security researchers have identified a critical elevation of privilege (EoP) vulnerability in Sudo, a widely used command-line tool on Linux systems. This vulnerability, labeled CVE-2025-32463, allows local users to gain full root access through manipulation of the chroot function, which is integral to the Sudo utility.
Sudo is utilized to grant administrative privileges without sharing the root password, maintaining an audit trail in the system logs. However, this vulnerability permits unprivileged users to execute chroot() on writable paths they control, elevating their access rights inappropriately. Affected versions include Sudo 1.9.14 to 1.9.17, with verifications confirmed on Ubuntu 24.04.1 and Fedora 41 Server. Users are encouraged to upgrade to Sudo version 1.9.17p1 or later to remediate this issue.
Additionally, a second EoP vulnerability was discovered, affecting Sudo versions stable 1.9.0 through 1.9.17, as well as legacy versions 1.8.8 to 1.8.32. This longstanding bug has existed for 12 years, unnoticed since its inception with the implementation of the "host" option in Sudo. Although it is classified as low severity, it requires specific configurations to exploit, commonly found in enterprise environments. Users are similarly advised to update to Sudo 1.9.17p1 or later to address this flaw.
Rich Mirch, a principal consultant at Stratascale, emphasized the importance of auditing systems to identify such vulnerabilities, highlighting operational risks that can undermine trust and compliance. Organizations should prioritize environmental audits, particularly in shared and internet-facing systems, to enhance their security posture. Mirch stressed that undetected vulnerabilities like these suggest the probable existence of other latent risks, urging leaders to reassess how effectively their security measures unveil hidden threats.
ChicagoVPS is your gateway to unparalleled hosting solutions. Our state-of-the-art datacenters and powerful network ensures lightning-fast speeds and uninterrupted connectivity for your websites and applications. Whether you’re a startup looking for scalable resources or an enterprise in need of enterprise-grade hosting, our range of plans and customizable solutions guarantee a perfect fit. Trust in ChicagoVPS to deliver excellence, combining unmatched reliability and top-tier support.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@chicagovps.net.
