Full Report
Following the disclosure of two local privilege escalation (LPE) vulnerabilities, CVE-2025-6018 and CVE-2025-6019, less than a month ago, that impact major Linux distributions, a new wave of security flaws targeting Linux systems has recently emerged. Security researchers have identified two local privilege escalation vulnerabilities, tracked as CVE-2025-32462 and CVE-2025-32463, that affect a widely used Sudo […] The post CVE-2025-32463 and CVE-2025-32462: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments appeared first on SOC Prime.
Analysis Summary
# Vulnerability: Sudo Local Privilege Escalation via Hostname Checks
## CVE Details
- CVE ID: CVE-2025-32463 and CVE-2025-32462 (Implied, as they are addressed together)
- CVSS Score: Not explicitly provided in the text. Severity is implied as High due to Local Privilege Escalation to root.
- CWE: Not explicitly provided in the text. (Likely related to Improper Access Control or Input Validation).
## Affected Systems
- Products: Sudo (Software Utility)
- Versions: Stable: v1.9.0–1.9.17; Legacy: v1.8.8–1.8.32
- Configurations: Exploitable when Sudo rules are restricted to specific hostnames or patterns, allowing users to abuse functions intended only for displaying privileges for a different host while executing commands or editing files.
## Vulnerability Description
The vulnerabilities allow for Local Privilege Escalation (LPE) to the root user when using `sudo`. The flaw stems from mechanisms intended to display a user's `sudo` privileges for a different host being incorrectly triggered or usable during commands/file edits, even when hostname restrictions are in place. This violation of intended conditional logic allows an authorized, but unprivileged, user to escalate their privileges to root.
## Exploitation
- Status: Not explicitly stated as *in the wild*, but LPE vulnerabilities are generally considered critical risk.
- Complexity: Low (Implied, as "privilege escalation to root can occur without the need for a sophisticated exploit" when rules are restricted).
- Attack Vector: Local (Requires an existing, limited user account on the system).
## Impact
- Confidentiality: High (Potential access to all system data as root).
- Integrity: High (Ability to modify or destroy any system file).
- Availability: High (Ability to halt or sabotage the operating system).
## Remediation
### Patches
- Update Sudo to version **1.9.17p1** (This release addresses both CVE-2025-32463 and CVE-2025-32462).
- Users of major distributions (Ubuntu, Debian, SUSE) should apply vendor-specific updates as they have been rolled out.
### Workarounds
- No official workarounds are mentioned as recommended by the vendor; immediate patching is advised.
## Detection
- **Indicators of Compromise (IoCs):** Focus on unusual usage patterns of `sudo` commands, especially those involving host interactions if relevant utility arguments are present, though the vulnerability mechanism is complex.
- **Detection Methods and Tools:** Security teams should prioritize vulnerability scanning to confirm patch levels. Proactive threat detection should monitor for unauthorized privilege escalations.
## References
- Vendor advisories (Sudo official sources, not provided)
- Relevant links:
- SOC Prime Article: hxxps://socprime.com/blog/cve-2025-32463-and-cve-2025-32462-vulnerabilities/