The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw that affects SUDO command line utilities in operating systems like Linux and Unix.
The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects SUDO versions prior to 1.9.17P1. It was revealed in July 2025 by Stratascale researcher Rich Mirch.
“Sudo includes the inclusion of features from untrusted control sphere vulnerabilities,” CISA said. “The vulnerability allows local attackers to take advantage of sudo’s -r (-chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.”
We don’t know how the lack of real-world attacks is being misused at present, and who is behind such efforts. Also, four other defects added to the KEV catalog –
CVE-2021-21311-Admaner contains a server-side request forgery vulnerability that allows remote attackers to obtain potentially sensitive information. (It is disclosed in May 2022 that Google Mandiant was exploited by a threat actor targeting an AWS IMDS setup called EX2903) CVE-2025-20352-IOS XE contains a stack-based overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem. (Disclosed as being exploited by Cisco last week) (Disclosed as being exploited by Watchtowr Labs last week) CVE-2025-59689-Libraesva Email Security Gateway (ESG) contains a command injection vulnerability that allows command injection via compressed email attachments. (Disclosed as exploited by Libraesva last week)
In light of aggressive exploitation, federal private enforcement division (FCEB) agencies relying on affected products are encouraged to ensure their networks by October 20, 2025.
Source link
