{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-32463", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-07-01T19:58:59.312Z", "dateReserved": "2025-04-09T00:00:00.000Z", "datePublished": "2025-06-30T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sudo", "vendor": "Sudo project", "versions": [{"lessThan": "1.9.17p1", "status": "affected", "version": "1.9.14", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-01T19:58:59.312Z"}, "references": [{"url": "https://www.sudo.ws/security/advisories/"}, {"url": "https://www.sudo.ws/releases/changelog/"}, {"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot"}, {"url": "https://www.openwall.com/lists/oss-security/2025/06/30/3"}, {"url": "https://access.redhat.com/security/cve/cve-2025-32463"}, {"url": "https://ubuntu.com/security/notices/USN-7604-1"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2025-32463"}, {"url": "https://explore.alas.aws.amazon.com/CVE-2025-32463.html"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463"}, {"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/"}, {"url": "https://www.suse.com/security/cve/CVE-2025-32463.html"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.9.14", "versionEndExcluding": "1.9.17p1"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T13:24:29.798564Z", "id": "CVE-2025-32463", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T13:24:35.192Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32463", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-01T13:24:29.798564Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T13:24:32.317Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "Sudo project", "product": "Sudo", "versions": [{"status": "affected", "version": "1.9.14", "lessThan": "1.9.17p1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.sudo.ws/security/advisories/"}, {"url": "https://www.sudo.ws/releases/changelog/"}, {"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot"}, {"url": "https://www.openwall.com/lists/oss-security/2025/06/30/3"}, {"url": "https://access.redhat.com/security/cve/cve-2025-32463"}, {"url": "https://ubuntu.com/security/notices/USN-7604-1"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2025-32463"}, {"url": "https://explore.alas.aws.amazon.com/CVE-2025-32463.html"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463"}, {"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/"}, {"url": "https://www.suse.com/security/cve/CVE-2025-32463.html"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-829", "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.9.17p1", "versionStartIncluding": "1.9.14"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-01T19:58:59.312Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32463", "state": "PUBLISHED", "dateUpdated": "2025-07-01T19:58:59.312Z", "dateReserved": "2025-04-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-06-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option."}, {"lang": "es", "value": "Sudo anterior a 1.9.17p1 permite a los usuarios locales obtener acceso root porque /etc/nsswitch.conf desde un directorio controlado por el usuario se utiliza con la opci\u00f3n --chroot."}], "id": "CVE-2025-32463", "lastModified": "2025-07-03T15:14:12.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-06-30T21:15:30.257", "references": [{"source": "cve@mitre.org", "url": "https://access.redhat.com/security/cve/cve-2025-32463"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463"}, {"source": "cve@mitre.org", "url": "https://explore.alas.aws.amazon.com/CVE-2025-32463.html"}, {"source": "cve@mitre.org", "url": "https://security-tracker.debian.org/tracker/CVE-2025-32463"}, {"source": "cve@mitre.org", "url": "https://ubuntu.com/security/notices/USN-7604-1"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2025/06/30/3"}, {"source": "cve@mitre.org", "url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot"}, {"source": "cve@mitre.org", "url": "https://www.sudo.ws/releases/changelog/"}, {"source": "cve@mitre.org", "url": "https://www.sudo.ws/security/advisories/"}, {"source": "cve@mitre.org", "url": "https://www.suse.com/security/cve/CVE-2025-32463.html"}, {"source": "cve@mitre.org", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "sudo: LPE via chroot option", "id": "2374693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374693"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-427", "details": ["Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.", "A flaw was found in Sudo. This flaw allows a local attacker to escalate their privileges by tricking Sudo into loading an arbitrary shared library using the user-specified root directory via the `-R` (`--chroot`) option. An attacker can run arbitrary commands as root on systems that support `/etc/nsswitch.conf`."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-32463", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-06-30T14:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-32463\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-32463\nhttps://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot\nhttps://www.sudo.ws/security/advisories/chroot_bug/"], "statement": "The severity of this vulnerability is rated as Important due to the requirement that an attacker must have access to a valid account on a system and that it allows a local unprivileged attacker to escalate their privileges even if the account is not listed in the sudoers file.\nDue to the limited range of vulnerable versions, this vulnerability does not affect RHEL-9 or any earlier versions of RHEL. Due to this, Openshift is also not affected by this vulnerability.", "threat_severity": "Important"}