Major Linux Distros impacted: sudo vulnerabilities let local users get root access
13:52, 07.07.2025
Two major vulnerabilities were recently discovered in sudo, the command-line utility for Unix and Linux operating systems. Both allow a local user to gain root privileges.
Description of the vulnerabilities
- CVE-2025-32463. A local user can obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option (affects Amazon, Debian, Gentoo, Alpine, SUSE, Ubuntu, and Red Hat).
- CVE-2025-32462. When the sudoers file specifies a host that is neither ALL nor the current host, listed users can execute commands on machines other than the intended ones (affects AlmaLinux 8, AlmaLinux 9, Oracle Linux, and all the distros listed for the vulnerability above).
Sudo lets a low-privileged user run commands with superuser rights. It generally follows the principle of least privilege: admin tasks can be carried out without elevating the permissions of the user account itself. Sudo is configured via "/etc/sudoers".
The researcher who discovered the vulnerabilities said that CVE-2025-32462 is rooted in sudo's "-h" (host) option. This feature has been available for 12 years, and the flaw went undisclosed throughout that time. The option is meant for listing a user's sudo privileges on a different host.
Nevertheless, this vulnerability made it possible to execute, not just list, any command allowed for the remote host. This can impact sites that use a common sudoers file shared by various machines.
CVE-2025-32463, in turn, allows commands to be run as root even by a user who is not listed in sudoers.
Sudo version 1.9.17p1 fixes both vulnerabilities. Several Linux distributions have also published their own advisories. Users should apply the fixes and confirm that they are running the latest package updates.
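A defender's check for the two conditions described above, as an added example that is not from the article or the sudo project: it compares a version string against 1.9.17p1 and lists sudoers rules whose host is neither ALL nor the current host. The sample sudoers text and host name are constructed, and the parser is a simplification (one user per rule, no alias expansion, no ":"-chained host specs).

```python
import re

FIXED = (1, 9, 17, 1)  # 1.9.17p1, the fixed release named in the article
# Prefixes of lines that are not user specifications (comments, includes, aliases).
SKIP = re.compile(r"(#(?!\d)|@include|Defaults|(Host|User|Runas|Cmnd)_Alias\b)")

SAMPLE_SUDOERS = """\
# constructed sample, not taken from a real system
Defaults env_reset
Host_Alias BUILD = ci1, ci2
root    ALL = (ALL:ALL) ALL
alice   prod-db = /usr/bin/systemctl restart postgresql
bob     dev1, \\
        ALL = /usr/bin/less /var/log/syslog
%ops    BUILD = (root) /usr/bin/make
carol   web01 = /usr/bin/id
"""

def parse_version(text):
    """Turn 'Sudo version 1.9.16p2' into (1, 9, 16, 2); a missing pN counts as p0."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_fixed(version_text):
    """True when the upstream version is 1.9.17p1 or later."""
    return parse_version(version_text) >= FIXED

def host_scoped_rules(sudoers_text, current_host):
    """Return (user, host) pairs for rules whose host is neither ALL nor this host."""
    local = {"ALL", current_host, current_host.split(".")[0]}
    findings = []
    # Join backslash-continued lines so each rule is one logical line.
    for line in sudoers_text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or SKIP.match(line) or "=" not in line:
            continue
        spec = line.split("=", 1)[0].split(None, 1)  # [user, "host1, host2"]
        if len(spec) < 2:
            continue
        for host in (h.strip().lstrip("!") for h in spec[1].split(",")):
            if host and host not in local:  # Host_Alias names are flagged too
                findings.append((spec[0], host))
    return findings

if __name__ == "__main__":
    print(is_fixed("Sudo version 1.9.16p2"))
    print(host_scoped_rules(SAMPLE_SUDOERS, "web01.example.com"))
```

Distribution packages may carry the fix under an older upstream version number, so treat the version comparison as a first pass and confirm against the vendor's advisory.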