Linux system administrators and users are being urged to apply immediate updates after the discovery of two serious vulnerabilities in the widely-used Sudo utility — one of which has remained hidden for over 12 years.
Sudo is a critical command-line tool installed on nearly 99% of Linux-based servers and desktops, according to cybersecurity firm Stratascale. This utility allows administrators to delegate certain high-privilege commands to regular users, without giving away the root password. It also helps maintain an audit trail, improving both security and accountability.
But recent findings show that this trusted tool has two elevation of privilege (EoP) vulnerabilities, potentially allowing local attackers to gain root-level access — a severe risk in any environment, especially in shared or internet-facing systems.
The first and most serious issue is identified as CVE-2025-32463. It was discovered in Sudo versions 1.9.14 to 1.9.17 and stems from how Sudo handles the chroot() system call.
Normally, chroot() is used to change the root directory of a process for security isolation. But in this case, an unprivileged user can trick Sudo into calling chroot() on a writable and untrusted path, leading to full root access.
According to Stratascale, the vulnerability exists because Sudo does not properly verify permissions when calling chroot() — and it does so even if the user doesn’t have the proper Sudo permissions defined.
“Allowing a low-privileged user the ability to call
chroot()with root authority to a writable location can have various security risks,” Stratascale warned.
This vulnerability has been confirmed to affect modern Linux distributions such as Ubuntu 24.04.1 and Fedora 41 Server, putting millions of endpoints at risk.
The second vulnerability may not be as severe but is just as concerning due to how long it went unnoticed. It affects both the Stable (v1.9.0 – v1.9.17) and Legacy (v1.8.8 – v1.8.32) versions of Sudo. This bug dates back over 12 years, introduced when the Host and Host_Alias configuration options were first added.
No exploit code or external payload is needed to take advantage of this bug. It can be triggered in environments where those Host directives are used — which is common in enterprise networks.
While this issue is considered low-severity, Stratascale emphasized that the implications can be serious if left unpatched.
“This kind of long-standing vulnerability highlights a broader issue — gaps in security visibility and configuration oversight in many environments,” said Rich Mirch, Principal Consultant at Stratascale.
Both vulnerabilities are fixed in Sudo version 1.9.17p1, which has now been released. Linux users and administrators are strongly advised to update to this version or later as soon as possible.
The risks these flaws pose are especially serious in multi-user systems, cloud environments, and servers exposed to the internet, where attackers may already have some access and are looking for ways to escalate privileges.
“Organizations should prioritize auditing systems that are shared across multiple users or located in untrusted environments,” Mirch added.
These vulnerabilities underline a critical truth: even well-established and widely-used open-source tools can contain undetected flaws for years. This incident should prompt all organizations to re-evaluate how they detect and mitigate security risks, especially those involving legacy code.
Mirch also highlighted the operational risks such vulnerabilities present:
“These exposures aren’t just technical flaws — they represent gaps in trust, compliance, and risk management. If a simple misconfiguration can stay hidden for 12 years, what else could be lurking undetected?”
He called for business leaders and IT teams to:
Audit existing infrastructure for similar blind spots
Strengthen detection capabilities across environments
Enforce patch management policies with urgency
Continuously monitor least privilege access implementations
This recent discovery of two vulnerabilities in Sudo is a wake-up call for Linux users and IT security teams alike. Critical tools like Sudo, used by millions globally, require continuous scrutiny — not only from developers but also from the organizations that rely on them daily.
By updating to Sudo 1.9.17p1 or later, users can protect their systems from two significant privilege escalation threats, ensure compliance with best security practices, and maintain the integrity of their Linux environments.
Interesting Article : New AT&T Feature Stops SIM Swapping and Phone Number Theft