- Two faults were introduced at the end of 2013
- They live in the southern command line utility
- Correctives are available and users are advised to apply them
Two vulnerabilities have recently been identified in various Linux distributions which, when chained, allow local attackers to degenerate their privileges and thus execute arbitrary files.
Vulnerabilities are followed in the form of CVE-2025-32462 (gravity score 2.8 / 10-low gravity) and CVE-2025-32463 (gravity score 9.3 / 10 criticism) and were found in the usefulness of the SUDO command line for Linux and other UNIX type operating systems.
All the versions before 1.9.17p1 would have been vulnerable, with Rich Mirch, the researcher of stratascal who found the faults, saying that they persisted for more than a decade before being discovered. They were presented for the first time at the end of 2013, he added.
A ten -year -old flaw
Sudo (abbreviation of “superuser of”) is an order which allows an authorized user to execute an command as a root user or another user, as defined in the system of safety of the system. It provides controlled administrative access without obliging users to connect as a root account.
For example, a user can execute an Sudo command which installs Firefox on Ubuntu, because the installation of software on a system scale generally requires administrative privileges.
“This mainly affects sites that use a common Sudoers file which is distributed to several machines,” said Todd C. Miller, maintained for the Sudo project, in an opinion. “Sites that use Sudoers based on LDAP (including SSSD) are also affected.”
The Sudo’s patch was released at the end of June 2024, after a responsible disclosure which occurred in early April.
In addition, different Linux distributions have also published opinions, fixing the defect for their bone variant. For CVE-2025-32462, these are in particular Almalinux 8, Almalinux 9, Alpine Linux, Amazon Linux, Debian, Gentoo, Oracle Linux, Red Hat, Susa and Ubuntu, while for CVE-2025-32463, they include Alpine Linux, Amazon Linux, Debian, Gento, Susse and Ubuntu.
Linux users are advised to apply the available fixes and ensure that their Linux office distributions are generally updated.
Via The Hacker News
