{"id":"CVE-2025-32463","details":"Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.","modified":"2026-04-16T04:34:41.710574202Z","published":"2025-06-30T21:15:30.257Z","related":["ALSA-2025:11537","CGA-j23v-qfmp-2j8j","SUSE-SU-2025:02177-1","SUSE-SU-2025:20478-1","SUSE-SU-2025:20489-1","openSUSE-SU-2025:15298-1"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/cve-2025-32463"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2025-32463"},{"type":"ADVISORY","url":"https://www.sudo.ws/security/advisories/"},{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7604-1"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2025/06/30/3"},{"type":"ADVISORY","url":"https://www.sudo.ws/security/advisories/chroot_bug/"},{"type":"ADVISORY","url":"https://www.suse.com/security/cve/CVE-2025-32463.html"},{"type":"ADVISORY","url":"https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability"},{"type":"ADVISORY","url":"https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/"},{"type":"ADVISORY","url":"https://explore.alas.aws.amazon.com/CVE-2025-32463.html"},{"type":"ADVISORY","url":"https://www.sudo.ws/releases/changelog/"},{"type":"ADVISORY","url":"https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability"},{"type":"REPORT","url":"https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463"},{"type":"EVIDENCE","url":"https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"},{"type":"EVIDENCE","url":"https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sudo-project/sudo","events":[{"introduced":"26f1789b3fa6252cda11a520a4e797cc18ac5380"},{"fixed":"84e7ca6752a2d3a32452adee177d1f57421dd814"},{"introduced":"0"},{"last_affected":"84e7ca6752a2d3a32452adee177d1f57421dd814"}],"database_specific":{"versions":[{"introduced":"1.9.14"},{"fixed":"1.9.17"},{"introduced":"0"},{"last_affected":"1.9.17-NA"}]}}],"versions":["SUDO_1_9_14","SUDO_1_9_14p1","SUDO_1_9_14p2","SUDO_1_9_14p3","SUDO_1_9_15","SUDO_1_9_15p1","SUDO_1_9_15p2","SUDO_1_9_15p3","SUDO_1_9_15p4","SUDO_1_9_15p5","SUDO_1_9_16","SUDO_1_9_16p1","SUDO_1_9_16p2","v1.9.14","v1.9.14p1","v1.9.14p2","v1.9.14p3","v1.9.15","v1.9.15p1","v1.9.15p2","v1.9.15p3","v1.9.15p4","v1.9.15p5","v1.9.16","v1.9.16p1","v1.9.16p2","v1.9.17"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32463.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"22.04"}]},{"events":[{"introduced":"0"},{"last_affected":"24.04"}]},{"events":[{"introduced":"0"},{"last_affected":"24.10"}]},{"events":[{"introduced":"0"},{"last_affected":"25.04"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]},{"events":[{"introduced":"0"},{"last_affected":"13.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.6"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp6"}]},{"events":[{"introduced":"0"},{"last_affected":"15-sp7"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp6"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0-sp7"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp6"}]},{"events":[{"introduced":"0"},{"last_affected":"12-sp7"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}