CVE-2025-32463

Name: CVE-2025-32463
Creator: NVD / NIST
Published: 2025-06-30T21:15:30.257+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10Actively ExploitedEPSS 47.47%

Last modified Jun 17, 2026

CVE-2025-32463 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.. CISA has confirmed active exploitation in the wild. EPSS estimates a 47.47% chance of exploitation in the next 30 days.

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

47.47%

98.7th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Oct 20, 2025.

Weakness Enumeration

CWE-829

Affected Software

Vendor	Product	Versions	Update
Sudo Project	Sudo	>= 1.9.14, < 1.9.17	—
Sudo Project	Sudo	1.9.17	—
Canonical	Ubuntu Linux	22.04	—
Canonical	Ubuntu Linux	24.04	—
Canonical	Ubuntu Linux	24.10	—
Canonical	Ubuntu Linux	25.04	—
Debian	Debian Linux	11.0	—
Debian	Debian Linux	12.0	—
Debian	Debian Linux	13.0	—
Opensuse	Leap	15.6	—
Redhat	Enterprise Linux	10.0	—
Suse	Linux Enterprise Desktop	15	Sp6
Suse	Linux Enterprise Real Time	15.0	Sp2
Suse	Linux Enterprise Server For Sap	12	Sp6

References

https://access.redhat.com/security/cve/cve-2025-32463Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463Issue Tracking, Third Party Advisory
https://explore.alas.aws.amazon.com/CVE-2025-32463.htmlThird Party Advisory
https://security-tracker.debian.org/tracker/CVE-2025-32463Third Party Advisory
https://ubuntu.com/security/notices/USN-7604-1Third Party Advisory
https://www.openwall.com/lists/oss-security/2025/06/30/3Third Party Advisory
https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/Exploit, Third Party Advisory
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chrootExploit, Third Party Advisory
https://www.sudo.ws/releases/changelog/Release Notes
https://www.sudo.ws/security/advisories/Vendor Advisory
https://www.sudo.ws/security/advisories/chroot_bug/Vendor Advisory
https://www.suse.com/security/cve/CVE-2025-32463.htmlThird Party Advisory
https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerabilityThird Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerabilityMitigation, Third Party Advisory
https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463US Government Resource

Timeline

Published: Jun 30, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-32463?

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

How severe is CVE-2025-32463?

CVE-2025-32463 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 47.47% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2025-32463?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-32463?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST