Critical Vulnerability in Linux sudo Command 9.3 Fixed: Potential Privilege Escalation to Root Level

Click the blue “Most Coders” to follow me!

Add a “star“, every day at 18:03, let’s learn technology together

Source: IT Home

Critical Vulnerability in Linux sudo Command 9.3 Fixed: Potential Privilege Escalation to Root Level

Technology media borncity reported yesterday (July 1) that a serious vulnerability exists in the sudo command in Linux, which can be exploited by attackers to escalate privileges to root level.

According to the blog post, the vulnerability is tracked under CVE-2025-32463, and its root cause lies in the improper handling of the /etc/ nsswitch.conf file by the system, which may allow unauthorized access to root privileges.

Specifically, the sudo command has a vulnerability when using the “-host, -h” option, which is intended for remote code execution, but exploiting this vulnerability can lead to privilege escalation, allowing unauthorized execution on a remote host.

Critical Vulnerability in Linux sudo Command 9.3 Fixed: Potential Privilege Escalation to Root Level

Additionally, there is an error when using the “-chroot, -R” parameter, which allows arbitrary code execution, undermining the correct restrictions in the sudoers file. The sudoers file is a critical “policy” file in Linux systems that defines the permissions for system users to execute sudo.

The affected sudo versions are from 1.9.14 to 1.9.17, and sudo 1.9.17p1 has fixed this vulnerability.

Critical Vulnerability in Linux sudo Command 9.3 Fixed: Potential Privilege Escalation to Root Level

Leave a Comment