- Two flaws were first introduced in late 2013
- They reside in the Sudo command-line utility
- Patches are available and users are advised to apply them
Two vulnerabilities were recently spotted in various Linux distributions which, when chained together, allow local attackers to escalate their privileges and thus run arbitrary files.
The vulnerabilities are tracked as CVE-2025-32462 (severity score 2.8/10 – low severity), and CVE-2025-32463 (severity score 9.3/10 critical), and were found in the Sudo command-line utility for Linux and other Unix-like operating systems.
All versions before 1.9.17p1 were said to be vulnerable, with Rich Mirch, the Stratascale researcher who found the flaws, saying they were lingering for more than a decade before being discovered. They were first introduced in late 2013, he added.
A decade-old flaw
Sudo (short for “superuser do”) is a command that allows a permitted user to execute a command as the root user or another user, as defined in the system’s security policy. It provides controlled administrative access without requiring users to log in as the root account.
For example, a user might run a sudo command that installs Firefox on Ubuntu, since installing software system-wide usually requires administrative privileges.
“This primarily affects sites that use a common sudoers file that is distributed to multiple machines,” Todd C. Miller, a maintainer for the Sudo project, said in an advisory. “Sites that use LDAP-based sudoers (including SSSD) are similarly impacted.”
The patch for Sudo was released in late June 2024, after responsible disclosure which happened in early April.
Furthermore, different Linux distributions also released advisories, fixing the flaw for their variant of the OS. For CVE-2025-32462, these include AlmaLinux 8, AlmaLinux 9, Alpine Linux, Amazon Linux, Debian, Gentoo, Oracle Linux, Red Hat, SUSE, and Ubuntu, while for CVE-2025-32463, they include Alpine Linux, Amazon Linux, Debian, Gentoo, Red Hat, SUSE, and Ubuntu.
Linux users are advised to apply the available patches and make sure their Linux desktop distributions are generally updated.
Via The Hacker News
