Sudo Vulnerability CVE-2025-32463 Actively Exploited in Linux and Unix Systems

First reported

30.09.2025 08:41

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A critical security flaw in the Sudo command-line utility for Linux and Unix-like operating systems, identified as CVE-2025-32463, is being actively exploited. This vulnerability affects Sudo versions prior to 1.9.17p1 and allows local attackers to run arbitrary commands as root, even if they are not listed in the sudoers file. The flaw was disclosed in July 2025 and added to CISA's Known Exploited Vulnerabilities (KEV) catalog on September 30, 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised Federal Civilian Executive Branch (FCEB) agencies to apply necessary mitigations by October 20, 2025, to secure their networks.

Timeline

30.09.2025 08:41 1 articles · 1h ago

Sudo Vulnerability CVE-2025-32463 Actively Exploited
CISA added the critical Sudo vulnerability CVE-2025-32463 to its Known Exploited Vulnerabilities (KEV) catalog on September 30, 2025. The flaw, affecting Sudo versions prior to 1.9.17p1, allows local attackers to run arbitrary commands as root. The vulnerability was disclosed in July 2025 and is actively exploited in the wild. FCEB agencies are advised to apply mitigations by October 20, 2025.
Show sources

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
Open in new tab

Information Snippets

The vulnerability CVE-2025-32463 affects Sudo versions prior to 1.9.17p1.
First reported: 30.09.2025 08:41

1 source, 1 article
Show sources
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
The flaw allows local attackers to run arbitrary commands as root, even if they are not listed in the sudoers file.
First reported: 30.09.2025 08:41

1 source, 1 article
Show sources
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
The vulnerability was disclosed by Stratascale researcher Rich Mirch in July 2025.
First reported: 30.09.2025 08:41

1 source, 1 article
Show sources
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on September 30, 2025.
First reported: 30.09.2025 08:41

1 source, 1 article
Show sources
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41
FCEB agencies are advised to apply mitigations by October 20, 2025.
First reported: 30.09.2025 08:41

1 source, 1 article
Show sources
- CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems — thehackernews.com — 30.09.2025 08:41