# Vendor Homepage: <https://www.sudo.ws>
# Software Link: <https://www.sudo.ws/dist/sudo-1.9.17.tar.gz>
# Version: Stable 1.9.0 - 1.9.17, Legacy 1.8.8 - 1.8.32
# Fixed in: 1.9.17p1

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

Introduction

The Stratascale Cyber Research Unit (CRU) recently discovered multiple local privilege escalation vulnerabilities in sudo. This research focuses on CVE-2025-32463, a flaw in the rarely used --chroot (-R) option that allows a local user to escalate privileges to root, even in tightly restricted environments where sudo access appears minimal.

What is sudo?

sudo stands for "superuser do" — it's a command used in Unix-like operating systems (like Linux and macOS) that allows a permitted user to execute a command as another user, typically the superuser (root).

Security researchers from the Stratascale Cyber Research Unit (CRU) recently disclosed a critical vulnerability in sudo related to its --chroot option.

https://nvd.nist.gov/vuln/detail/CVE-2025-32463


It is a critical vulnerability with a score of 9.3.
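To check a host against the version ranges listed in this page's header, the following added example (not code from the Stratascale advisory or the sudo project) parses `sudo -V` output and orders patch-level suffixes such as `p1` correctly. The function names are assumptions made for illustration.

```python
import re
import subprocess

# Ranges and fixed release copied from this page's header.
AFFECTED = [("1.9.0", "1.9.17"), ("1.8.8", "1.8.32")]
FIXED_IN = "1.9.17p1"

_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(p|b|rc)(\d+))?")
# Beta and rc builds sort below the plain release, patch levels above it.
_TAG_RANK = {"b": -2, "rc": -1, None: 0, "p": 1}


def parse_version(text):
    """Return a sortable tuple for the first sudo version found in text."""
    m = _VER.search(text)
    if m is None:
        raise ValueError(f"no sudo version found in {text!r}")
    major, minor, micro, tag, num = m.groups()
    return (int(major), int(minor), int(micro), _TAG_RANK[tag], int(num or 0))


def is_affected(text):
    """True if the version lies in a listed range and predates the fix."""
    full = parse_version(text)
    if full >= parse_version(FIXED_IN):
        return False
    base = full[:3]  # range membership ignores p/b/rc suffixes
    return any(parse_version(lo)[:3] <= base <= parse_version(hi)[:3]
               for lo, hi in AFFECTED)


def installed_version():
    """First line of `sudo -V`, or None when sudo is not installed."""
    try:
        out = subprocess.run(["sudo", "-V"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return out.stdout.splitlines()[0] if out.stdout else None


if __name__ == "__main__":
    banner = installed_version()
    if banner is None:
        print("sudo not found")
    else:
        print(banner, "->", "AFFECTED" if is_affected(banner) else "not affected")
```

Distribution packages often backport fixes without changing the upstream version string, so a positive result should be confirmed against the vendor's advisory for the installed package.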

What is chroot?

chroot - run command or interactive shell with special root directory

chroot stands for "change root" — it's a Unix/Linux operation that changes the apparent root directory (/) for a running process and its children. It's often used to create isolated environments, sometimes called a "chroot jail".

When a process is run inside a chroot, it cannot access files outside the specified directory. This gives the illusion that the specified directory is the entire filesystem.

What is NSS?

Name Service Switch (NSS) is a component of the GNU C Library (glibc) that defines how a system resolves names for users, groups, hosts, etc. It allows Linux to flexibly query information from various sources like: