CVE-2025-32463 · HIGH 7.8 · CISA KEV · EPSS p98.7%

CVE-2025-32463: Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability

Vendor / Product: Sudo / Sudo

Description

Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. It could allow a local attacker to leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. As described in the upstream announcement (reference 6), sudo changed root to the user-supplied directory before resolving the requested command, so name-service lookups read /etc/nsswitch.conf from the attacker-controlled tree and loaded an attacker-supplied shared library with root privileges. Upstream releases 1.9.14 through 1.9.17 inclusive are affected and the fix shipped in sudo 1.9.17p1; releases before 1.9.14 (including all 1.8.x) do not have the chroot option. Distributions shipped backported fixes under their own package versions (for Ubuntu, USN-7604-1, reference 5), so on distro builds the vendor advisory, not the upstream version string alone, decides whether a host is patched.
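As an added check, the POSIX shell function below classifies a sudo version string, as printed on the first line of `sudo -V`, against the affected range given in the upstream announcement (1.9.14 through 1.9.17 affected, 1.9.17p1 fixed, anything older never had -R/--chroot). This is editor-supplied example code, not code from the NVD record, the sudo project or any referenced advisory; the function name and the verdict strings are the example's own choice.

```shell
#!/bin/sh
# Added example (not sudo project code): classify an upstream sudo version
# against the CVE-2025-32463 affected range. Per the upstream announcement,
# sudo 1.9.14 through 1.9.17 are affected and 1.9.17p1 carries the fix;
# releases before 1.9.14 (including all 1.8.x) never had the -R/--chroot option.
# The function name and verdict strings are this example's own choice.

# Usage: sudo_chroot_cve_status "Sudo version 1.9.17p1"   (or a bare "1.9.17p1")
# Prints one of: vulnerable | fixed | not-affected | unknown
sudo_chroot_cve_status() {
    # Take the version token from the first line, with or without the
    # "Sudo version " prefix that `sudo -V` prints.
    ver=$(printf '%s\n' "$1" | sed -n '1s/^\(Sudo version \)*\([0-9.]*p*[0-9]*\).*/\2/p')
    base=${ver%%p*}            # "1.9.17" from "1.9.17p1"
    plevel=${ver#"$base"}      # "p1" or empty
    plevel=${plevel#p}
    [ -n "$plevel" ] || plevel=0

    # Reject anything that is not digits and dots (plus a digit patch level).
    case $base in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    case $plevel in
        *[!0-9]*) echo unknown; return 0 ;;
    esac

    # Split "major.minor.patch" on dots; missing fields count as 0.
    old_ifs=$IFS
    IFS=.
    set -- $base
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    n=$((major * 10000 + minor * 100 + patch))   # 1.9.14 -> 10914

    if [ "$n" -lt 10914 ]; then
        echo not-affected          # no chroot support before 1.9.14
    elif [ "$n" -gt 10917 ]; then
        echo fixed                 # 1.9.18 and later
    elif [ "$n" -eq 10917 ] && [ "$plevel" -ge 1 ]; then
        echo fixed                 # 1.9.17p1 and later patch levels
    else
        echo vulnerable            # 1.9.14 .. 1.9.17 inclusive, any patch level below 1.9.17p1
    fi
}

# When run directly, report on the sudo installed on this host (if any).
if command -v sudo >/dev/null 2>&1; then
    line=$(sudo -V 2>/dev/null | head -n 1)
    printf '%s -> %s\n' "$line" "$(sudo_chroot_cve_status "$line")"
fi
```

The verdict is only reliable for upstream builds. Distribution packages backport the fix without bumping the upstream version (the Ubuntu update in USN-7604-1 is one such case), so a "vulnerable" result on a distro host means "check the vendor advisory and package changelog", not "exploitable".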

Scoring

CVSS 3.1: 7.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 48.01% probability of exploitation · percentile 98.7% · 2026-06-18T12:00:27Z
Published: 2025-06-30
Last modified: 2025-11-05

CISA KEV entry

Added to KEV: 2025-09-29

Underlying weaknesses · 1

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

References

  1. https://access.redhat.com/security/cve/cve-2025-32463
  2. https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463
  3. https://explore.alas.aws.amazon.com/CVE-2025-32463.html
  4. https://security-tracker.debian.org/tracker/CVE-2025-32463
  5. https://ubuntu.com/security/notices/USN-7604-1
  6. https://www.openwall.com/lists/oss-security/2025/06/30/3
  7. https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/
  8. https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

Relations · 1

Type        Target                                                               Confidence  Tier
Weakness    Inclusion of Functionality from Untrusted Control Sphere (cwe-829)   0%          live

Relations (incoming) · 1

Type        Target                                                                                            Confidence  Tier
KEV entry   Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability (kev-cve-2025-32463)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-32462
CVE: CVE-2025-25269
CVE: Sudo Heap-Based Buffer Overflow Vulnerability
CVE: CVE-2025-1127
CVE: CVE-2026-35535
CVE: CVE-2025-25270

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.