Particle.news

CISA Flags Actively Exploited Sudo Flaw, Sets Oct. 20 Patch Deadline

Local abuse of sudo’s chroot option enables root access.

Overview

  • CVE-2025-32463 carries a CVSS score of 9.3 and affects Sudo versions prior to 1.9.17p1 on Linux and other Unix-like systems.
  • CISA confirmed in-the-wild exploitation and added the flaw to its Known Exploited Vulnerabilities catalog.
  • The vulnerability allows a local user to run arbitrary commands as root via the -R (--chroot) option even without sudoers privileges.
  • Exploitation requires a system that supports /etc/nsswitch.conf and works by getting sudo to load a crafted file from a user-specified root directory.
  • A fix shipped in June with Sudo 1.9.17p1, which deprecates the chroot behavior. Federal agencies must remediate by October 20 under BOD 22-01. CISA also listed exploited issues in Adminer, Cisco IOS/IOS XE, Fortra GoAnywhere MFT, and Libraesva ESG.
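
A triage check for the version boundary given above, as an added example that is not part of the original article: it compares a sudo version string against 1.9.17p1 numerically, including the pN patch suffix, which a plain string comparison gets wrong. The function names and sample lines are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the article): flag sudo builds older than the
# fixed release the article names. Function names are this example's own.
FIXED="1.9.17p1"

# "1.9.17p1" -> "1 9 17 1"; prints nothing if not a sudo-style version.
parse_sudo_version() {
    printf '%s\n' "$1" |
        sed -n -E 's/^([0-9]+)\.([0-9]+)\.([0-9]+)(p([0-9]+))?$/\1 \2 \3 \5/p'
}

# Returns 0 if $1 is older than $FIXED, 1 if not, 2 if it cannot be parsed.
sudo_is_older_than_fixed() {
    a=$(parse_sudo_version "$1")
    b=$(parse_sudo_version "$FIXED")
    [ -n "$a" ] || return 2
    # Appending 0 supplies the patch level when there is no pN suffix.
    set -- $a 0; a1=$1 a2=$2 a3=$3 a4=$4
    set -- $b 0
    # Compare field by field as integers, so 1.10.0 sorts after 1.9.17p1.
    for x in "$a1" "$a2" "$a3" "$a4"; do
        if [ "$x" -lt "$1" ]; then return 0; fi
        if [ "$x" -gt "$1" ]; then return 1; fi
        shift
    done
    return 1
}

# Takes the first line of `sudo -V` ("Sudo version X") and prints a verdict.
verdict() {
    ver=${1#Sudo version }
    rc=0; sudo_is_older_than_fixed "$ver" || rc=$?
    case $rc in
        0) echo "NEEDS-UPDATE $ver" ;;
        1) echo "OK $ver" ;;
        *) echo "UNKNOWN $1" ;;
    esac
}

# Constructed sample lines; on a host use: verdict "$(sudo -V | head -n 1)"
for line in "Sudo version 1.9.15p5" "Sudo version 1.9.17" \
            "Sudo version 1.9.17p1" "Sudo version 1.10.0" "sudo: not found"; do
    verdict "$line"
done
```

Distribution packages can carry a backported fix under an older upstream version string, so confirm a NEEDS-UPDATE result against the vendor's advisory for that package.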