Sudo actively exploited root-level command execution flaw (CVE-2025-32463)
Vulnerability
Summary
CVE-2025-32463 in the sudo package is being actively exploited, creating root-level command execution risk for Linux systems. CISA added the flaw to its KEV catalog and told federal agencies to apply mitigations or stop using sudo by October 20. The bug affects sudo 1.9.14 through 1.9.17 and can be triggered with -R (--chroot) even when a user is not in sudoers. A public proof of concept appeared on July 4, and additional exploits circulated publicly soon after.
Related Happenings
Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)
Vulnerability
First: 20.05.2026 13:52
Last: 20.05.2026 13:52
Sources 1
About this happening:
**PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...
Linux kernel Dirty Frag local root escalation privilege-escalation flaw
Vulnerability
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**Dirty Frag** is a newly disclosed **Linux kernel** zero-day that can give **local attackers root privileges** on **most major Linux distributions**. The flaw is anchored in the...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
First: 03.05.2026 09:26
Last: 03.05.2026 09:26
Sources 1
About this happening:
CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
Linux distributions mitigation advisories for CVE-2026-31431
Advisory/Mitigation
First: 30.04.2026 12:24
Last: 30.04.2026 12:24
Sources 1
About this happening:
Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
Timeline
-
30.09.2025 16:42 1 article · 7mo ago
Official disclosure of CVE-2025-32463 in sudo
Initial Disclosure
CVE-2025-32463 is officially disclosed in sudo, affecting versions 1.9.14 through 1.9.17 and carrying a critical severity score of 9.3 out of 10. The flaw enables a local attacker to execute commands with root-level privileges on Linux operating systems by using sudo's -R (--chroot) option without sudoers authorization.
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
-
30.09.2025 16:42 1 article · 7mo ago
Public exploit code for CVE-2025-32463 begins circulating
Technical Analysis Update
Additional exploit code for CVE-2025-32463 begins circulating publicly, likely derived from the technical write-up. The circulation increases the likelihood that the sudo -R (--chroot) privilege-escalation flaw on Linux systems can be abused outside of the original research context.
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
-
30.09.2025 16:42 1 article · 7mo ago
Proof-of-concept exploit for CVE-2025-32463 is released
Technical Analysis Update
Rich Mirch releases a proof-of-concept exploit for CVE-2025-32463, showing that the flaw has existed since the June 2023 release of sudo version 1.9.14. The proof of concept demonstrates how a local attacker can use sudo's -R (--chroot) option to run arbitrary commands as root even when not listed in sudoers.
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
-
30.09.2025 16:42 2 articles · 7mo ago
CISA adds CVE-2025-32463 to KEV and orders mitigation by October 20
Legal Policy Action Update
CISA adds CVE-2025-32463 to its Known Exploited Vulnerabilities (KEV) catalog, warns that sudo is being exploited in real-world attacks on Linux, and tells federal agencies to apply the official mitigations or discontinue the use of sudo by October 20. The action turns the sudo privilege-escalation flaw into a priority mitigation item for affected organizations worldwide.
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42
- CISA warns of critical Linux Sudo flaw exploited in attacks — www.bleepingcomputer.com — 30.09.2025 16:42