In the world of Linux, if you want to do anything as the administrator, you would need to use the command “sudo”. This simple command possesses the power of a thousand suns and once used it will allow you to do anything with unfettered access.

OK, well that might be an overexaggerating of the sudo command. However, according to a new security advisory from Rich Mirch at Stratascale’s Cyber Research Unit (CRU), there are not one but two critical vulnerabilities in Sudo.

This reminds me of the proverb “A chain is only as strong as its weakest link”. You see, Sudo is a command that has been put in place to protect us from harming our systems and it does this by delegating admin-level access without the need to share the root password and logging these actions for accountability.

Thanks to the help of Rich Mirch and their researchers, we now know the seriousness of this vulnerability. You see, in Sudo there is a relation to the chroot feature which affects the default configuration and does not require any special Sudo rules to be predefined by the end user.

Affected Versions Link to heading

This vulnerability is present in Sudo versions 1.9.14 through 1.9.17. Earlier versions such as 1.8 do not seem to be affected. This is due to the fact that they do not include the chroot feature.

Proof of Concept Link to heading

A proof of concept (POC) has been published by Stratascale over on GitHub, CVE-2025-32463_chwoot. This POC demonstrates how the vulnerability can be exploited in practice and serves as a valuable resource for security professionals who are looking to understand the attack vector being used.

Conclusion Link to heading

CVE-2025-32463 represents a critical threat to all Linux systems that are running the vulnerable versions of sudo. The combination of its high severity and the relatively simple exploitation method makes this a vulnerability that demands immediate attention from system administrators and security professionals alike.

Organizations should prioritize checking their infrastructure for vulnerable systems, patching, implementing additional monitoring as needed, and using this incident as an opportunity to harden their overall security posture.