Unrated severityCISA KEVNVD Advisory· Published Jun 30, 2025· Updated Feb 26, 2026
CVE-2025-32463
CVE-2025-32463
Description
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18- Range: <1.9.17p1
- osv-coords16 versionspkg:apk/chainguard/sudopkg:apk/chainguard/sudo-devpkg:apk/chainguard/sudo-docpkg:apk/chainguard/sudo-doc-extrapkg:apk/wolfi/sudopkg:apk/wolfi/sudo-devpkg:apk/wolfi/sudo-docpkg:apk/wolfi/sudo-doc-extrapkg:rpm/almalinux/sudopkg:rpm/almalinux/sudo-python-pluginpkg:rpm/opensuse/sudo&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/sudo&distro=openSUSE%20Tumbleweedpkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Micro%206.1
< 1.9.17-r0+ 15 more
- (no CPE)range: < 1.9.17-r0
- (no CPE)range: < 1.9.17-r0
- (no CPE)range: < 1.9.17-r0
- (no CPE)range: < 1.9.17-r0
- (no CPE)range: < 1.9.17-r0
- (no CPE)range: < 1.9.17-r0
- (no CPE)range: < 1.9.17-r0
- (no CPE)range: < 1.9.17-r0
- (no CPE)range: < 1.9.15-8.p5.el10_0.2
- (no CPE)range: < 1.9.15-8.p5.el10_0.2
- (no CPE)range: < 1.9.15p5-150600.3.9.1
- (no CPE)range: < 1.9.17p1-1.1
- (no CPE)range: < 1.9.15p5-150600.3.9.1
- (no CPE)range: < 1.9.15p5-150600.3.9.1
- (no CPE)range: < 1.9.15p5-2.1
- (no CPE)range: < 1.9.15p5-slfo.1.1_2.1
- Range: 1.9.14
Patches
Vulnerability mechanics
References
15- access.redhat.com/security/cve/cve-2025-32463mitre
- bugs.gentoo.org/show_bug.cgimitre
- explore.alas.aws.amazon.com/CVE-2025-32463.htmlmitre
- security-tracker.debian.org/tracker/CVE-2025-32463mitre
- ubuntu.com/security/notices/USN-7604-1mitre
- www.openwall.com/lists/oss-security/2025/06/30/3mitre
- www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/mitre
- www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chrootmitre
- www.sudo.ws/releases/changelog/mitre
- www.sudo.ws/security/advisories/mitre
- www.sudo.ws/security/advisories/chroot_bug/mitre
- www.suse.com/security/cve/CVE-2025-32463.htmlmitre
- www.suse.com/support/update/announcement/2025/suse-su-202502177-1/mitre
- www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerabilitymitre
- www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerabilitymitre