CVE-2025-32463

CRITICALNVD 9.39.3—Trending — 5 sources updated this weekExploited in the wild

9.3

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVSS v3: 9.3
EG Score: 9.3(high)
EPSS: 98.2%
KEV: ⚠ Exploited

Published

June 30, 2025

Last Modified

November 5, 2025

Advisory Details (10)

Auto-updated Jun 1, 2026

⚠️ Active exploitation confirmed. Patch available. Sources: redhat, ubuntu.

generic

Security Advisories | Sudo

https://www.sudo.ws/security/advisories/

generic

ChangeLog | Sudo

https://www.sudo.ws/releases/changelog/

generic🟡 PoC Available

Sudo chroot elevation of privilege | Stratascale

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

generic🔴 Active Exploitation

Sudo LPE Vulnerabilities Resolved: What You Need to Know About CVE-202 | SecPod

https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/

generic

oss-security - CVE-2025-32463: sudo local privilege escalation via chroot option

https://www.openwall.com/lists/oss-security/2025/06/30/3

ubuntu Patch Available

USN-7604-1: Sudo vulnerabilities | Ubuntu security notices | Ubuntu

Affected: Ubuntu 24.04 LTS, Ubuntu 24.10, and

https://ubuntu.com/security/notices/USN-7604-1

generic

CVE-2025-32463

https://security-tracker.debian.org/tracker/CVE-2025-32463

generic

CVE-2025-32463

https://explore.alas.aws.amazon.com/CVE-2025-32463.html

generic

959314 – (CVE-2025-32462, CVE-2025-32463) <app-admin/sudo-1.9.17_p1: two local privilege escalation vulnerabilities

https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463

redhat Patch Available

cve-details

https://access.redhat.com/security/cve/cve-2025-32463

Patch Availability(2)

Vendor / Ecosystem	Fixed in / Patch	Released	Source
ubuntu	sudo-ldap (1.9.15p5-3ubuntu5.24.04.1) @ noble	2026-06-03	ubuntu
redhat	sudo-0:1.9.15-8.p5.el10_0.2	2025-07-22	redhat

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-829Inclusion of Functionality from Untrusted Control Sphere

All Vendor Advisories

(3)

Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.

Data Freshness Timeline

(refreshed 20× in last 7d / 20× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-06-03 19:09 UTCkev_newly_listed
2026-06-03 17:28 UTCEG score recompute
2026-06-03 17:28 UTCVendor advisory
2026-06-03 17:28 UTCGHSA enrichment
2026-06-03 13:04 UTCEG score recompute
2026-06-03 13:04 UTCVendor advisory
2026-06-03 13:04 UTCGHSA enrichment
2026-06-03 08:40 UTCEG score recompute
2026-06-03 08:40 UTCVendor advisory
2026-06-03 08:40 UTCGHSA enrichment
2026-06-03 04:16 UTCEG score recompute
2026-06-03 04:16 UTCVendor advisory
2026-06-03 04:16 UTCGHSA enrichment
2026-06-02 23:52 UTCEG score recompute
2026-06-02 23:52 UTCVendor advisory
2026-06-02 23:52 UTCGHSA enrichment
2026-06-02 20:12 UTCepss_batch
2026-06-02 19:27 UTCEG score recompute
2026-06-02 19:27 UTCVendor advisory
2026-06-02 19:27 UTCGHSA enrichment

Publicly available exploits

(10 references)

Working exploit code is in the public domain (9 GitHub PoCs) (1 Exploit-DB entry). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

GitHub PoCNowafen/CVE-2025-32463
First seen Aug 8, 2025
This CVE addresses a vulnerability in sudo versions 1.9.14 to 1.9.17, enabling unauthorized local privilege escalation to root access.
Open source ↗
GitHub PoCAdityaBhatt3010/Sudo-Privilege-Escalation-Linux-CVE-2025-32463-and-CVE-2025-32462
First seen Jul 21, 2025
A deep dive into two critical Sudo vulnerabilities (CVE‑2025‑32463 & CVE‑2025‑32462) that enable local privilege escalation across major Linux distributions.
Open source ↗
GitHub PoCMohamedKarrab/CVE-2025-32463
First seen Jul 14, 2025
Privilege escalation to root using sudo chroot, NO NEED for gcc installed.
Open source ↗
Exploit-DBEDB-52352
First seen Jul 8, 2025
Sudo chroot 1.9.17 - Local Privilege Escalation
Open source ↗
GitHub PoCK3ysTr0K3R/CVE-2025-32463-EXPLOIT
First seen Jul 6, 2025
A PoC exploit for CVE-2025-32463 - Sudo Privilege Escalation
Open source ↗
GitHub PoCzinzloun/CVE-2025-32463
First seen Jul 4, 2025
# CVE-2025-32463 – Sudo EoP Exploit (PoC) with precompiled .so
Open source ↗
GitHub PoCmirchr/CVE-2025-32463-sudo-chwoot
First seen Jul 3, 2025
PoC for CVE-2025-32463 - Sudo chroot Elevation of Privilege Vulnerability
Open source ↗
GitHub PoCkh4sh3i/CVE-2025-32463
First seen Jul 2, 2025
Local Privilege Escalation to Root via Sudo chroot in Linux
Open source ↗
GitHub PoCK1tt3h/CVE-2025-32463-POC
First seen Jul 1, 2025
CVE-2025-32463 Proof of concept
Open source ↗
GitHub PoCIC3-512/linux-root-kit
First seen Jul 1, 2025
End-to-end simulation of a Python dependency confusion attack, sudo privilege escalation (CVE-2025-32463), and rootkit-based persistence - with full memory and network forensic analysis.
Open source ↗

Frequently asked(6)

What is CVE-2025-32463?

CVE-2025-32463 is a critical vulnerability published on June 30, 2025. Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

When was CVE-2025-32463 disclosed?

CVE-2025-32463 was first published in the National Vulnerability Database on June 30, 2025, with the most recent update on November 5, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2025-32463 actively exploited?

Yes. CISA added CVE-2025-32463 to the Known Exploited Vulnerabilities catalog on September 29, 2025, affecting Sudo Sudo. KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.

What is the CVSS score of CVE-2025-32463?

CVE-2025-32463 has a CVSS v3 base score of 9.3 (NVD).

Which products are affected by CVE-2025-32463?

CVE-2025-32463 affects Sudo Sudo. The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.

How do I remediate CVE-2025-32463?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2025-32463, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2025-32463

Explore →

Is Your Infrastructure Affected by CVE-2025-32463?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2025-32463

📅 Published

🔄 Last Modified

📋 Advisory Details (10)

Security Advisories | Sudo

ChangeLog | Sudo

Sudo chroot elevation of privilege | Stratascale

Sudo LPE Vulnerabilities Resolved: What You Need to Know About CVE-202 | SecPod

oss-security - CVE-2025-32463: sudo local privilege escalation via chroot option

USN-7604-1: Sudo vulnerabilities | Ubuntu security notices | Ubuntu

CVE-2025-32463

CVE-2025-32463

959314 – (CVE-2025-32462, CVE-2025-32463) <app-admin/sudo-1.9.17_p1: two local privilege escalation vulnerabilities

cve-details

Patch Availability(2)

Weakness Classification(1)

All Vendor Advisories

Data Freshness Timeline

Publicly available exploits

❓ Frequently asked(6)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2025-32463?

Published

Last Modified

Advisory Details (10)

Frequently asked(6)