
Key Linux distributions threatened by Sudo vulnerabilities


Major Linux distributions could be compromised in attacks involving a pair of security flaws impacting versions of the Sudo command-line utility before 1.9.17p1, according to Security Affairs.

The more severe of the two is the critical flaw tracked as CVE-2025-32463, which could be leveraged to obtain root access, while the low-severity bug, tracked as CVE-2025-32462, could be exploited to allow command execution on unintended machines, noted the Stratascale Cyber Research Unit researchers who discovered and reported the security defects.

Further analysis traced CVE-2025-32462 to the "host" option that Sudo introduced in 2013, which causes an unrelated remote host rule to be treated as valid for the local system. "As a result, any command allowed by the remote host rule can be executed on the local machine. Even though the production server is explicitly denied for the lowpriv user, root access is achieved by specifying the host option for the development server," said the report.
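A triage check for the two points above, as an added example that is not from the article or the researchers' report: it compares a `sudo -V` banner against the fixed release 1.9.17p1 and lists sudoers rules whose host list is not `ALL`, the kind of rule the host-option flaw concerns. The function names are hypothetical, and the sudoers scan is a simplified parser that assumes no aliases or line continuations. Distribution packages may carry the fix under an older version string, so a match should be confirmed against the vendor advisory.

```shell
#!/bin/sh
# Added example (not from the article); function names are hypothetical.
FIXED_VERSION="1.9.17p1"   # fixed release named in the article

# Extract "1.9.15p5" from the first line of `sudo -V` ("Sudo version 1.9.15p5").
sudo_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n '1s/^Sudo version \([0-9][0-9.]*\(p[0-9]*\)\{0,1\}\).*$/\1/p'
}

# Succeed (exit 0) when version $1 is older than $2; a missing pN counts as p0.
version_lt() {
    awk -v a="$1" -v b="$2" '
        function parts(v, out,   n, t, i) {
            sub(/p/, ".", v)                     # 1.9.17p1 -> 1.9.17.1
            n = split(v, t, ".")
            for (i = 1; i <= 4; i++) out[i] = (i <= n) ? t[i] + 0 : 0
        }
        BEGIN {
            split("", A); split("", B)           # force array type portably
            parts(a, A); parts(b, B)
            for (i = 1; i <= 4; i++) {
                if (A[i] < B[i]) exit 0
                if (A[i] > B[i]) exit 1
            }
            exit 1                               # equal: not older
        }'
}

# Print sudoers user specifications (on stdin) whose host list is not ALL.
# Simplified parser (assumption): no alias expansion, no line continuations.
host_restricted_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                     # comments, includes, blanks
        /^[ \t]*(@include|Defaults|[A-Za-z]+_Alias)/ { next } # non-rule lines
        index($0, "=") {
            n = split(substr($0, 1, index($0, "=") - 1), f, " ")
            hosts = ""
            for (i = 2; i <= n; i++) hosts = hosts f[i]
            if (hosts != "" && hosts != "ALL") print
        }'
}

# Usage on a live host (reading /etc/sudoers requires root):
#   v=$(sudo_version_from_banner "$(sudo -V 2>/dev/null)")
#   [ -n "$v" ] && version_lt "$v" "$FIXED_VERSION" && echo "sudo $v predates $FIXED_VERSION"
#   host_restricted_rules < /etc/sudoers
```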
