- Two defects were first introduced at the end of 2013
- They reside in the usefulness of the Sudo command line
- Patches are available and users are recommended to apply them
Recently two vulnerabilities were detected in several Linux distributions that, when chained, allow local attackers to increase their privileges and, therefore, execute arbitrary files.
Vulnerabilities are tracked as CVE-2025-32462 (gravity score 2.8/10-Low severity) and CVE-2025-32463 (9.3/10 critical gravity score), and were found in the usefulness of the Sudo command line for Linux and other operating systems similar to UNIX.
It was said that all versions before 1.9.17p1 were vulnerable, with Rich Mirch, the Stratascale researcher who found the defects, saying that they were persisting for more than a decade before being discovered. They presented themselves for the first time at the end of 2013, he added.
A decade defect
Sudo (abbreviation for “Superuser Do”) is a command that allows the allowed user to execute a command as a root or other user, as defined in the system’s security policy. It provides controlled administrative access without demanding users to log in as a root account.
For example, a user can execute a SUDO command that installs Firefox in Ubuntu, since the installation of software throughout the system requires administrative privileges.
“This mainly affects the sites that use a common sudoers archive that is distributed to multiple machines,” said Todd C. Miller, a maintainer of the Sudo project, in a notice. “The sites that use Sudoers based on LDAP (including SSSD) are similarly affected.”
The patch for Sudo was released at the end of June 2024, after the responsible dissemination that occurred in early April.
In addition, different Linux distributions also published notices, fixing the failure for their operating system variant. For CVE-2025-32462, they include Almalinux 8, Almalinux 9, Alpine Linux, Amazon Linux, Debian, Gentoo, Oracle Linux, Red Hat, SUSE and Ubuntu, while for CVE-2025-32463, they include Alpine Linux, Amazon Linux, Debian, People, Red Hat, Sw the Ubuntu
Linux users are recommended to apply the available patches and ensure that their Linux desktop distributions are generally updated.
Through The hacker news
