UBUNTU-CVE-2025-32463

Details

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Affected Packages

Ubuntu:24.10sudo

Affected versions:

1.9.15p5-3ubuntu5

Fixed in:

1.9.15p5-3ubuntu5.24.10.1

Ubuntu:24.04:LTSsudo

Affected versions:

1.9.14p2-1ubuntu11.9.15p5-3ubuntu11.9.15p5-3ubuntu31.9.15p5-3ubuntu41.9.15p5-3ubuntu5

Fixed in:

1.9.15p5-3ubuntu5.24.04.1

Ubuntu:25.04sudo

Affected versions:

1.9.15p5-3ubuntu51.9.16p2-1ubuntu1

Fixed in:

1.9.16p2-1ubuntu1.1

References

REPORThttps://ubuntu.com/security/CVE-2025-32463 REPORThttps://ubuntu.com/security/notices/USN-7604-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2025-32463 REPORThttps://www.sudo.ws/security/advisories/chroot_bug/

UBUNTU-CVE-2025-32463

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline