Divya
2025-07-03 08:03:00
gbhackers.com
A newly disclosed vulnerability in the Sudo command-line tool, present for over 12 years, has exposed countless Linux and Unix-like systems to the risk of local privilege escalation, allowing attackers to gain root access without sophisticated exploits.
The flaw, tracked as CVE-2025-32462, was discovered by the Stratascale Cyber Research Unit (CRU) and affects both stable (v1.9.0–1.9.17) and legacy (v1.8.8–1.8.32) versions of Sudo, a utility nearly ubiquitous in Linux environments.
Sudo is a critical utility that enables authorized users to execute commands with elevated privileges, typically as the root user, without sharing the root password.
Its configuration, managed via the sudoers file, allows fine-grained control over who can run what commands on which hosts, enforcing the principle of least privilege and providing an audit trail.
The vulnerability centers on Sudo’s -h or --host option, which was introduced in version 1.8.8 in 2013. This option was intended solely for use with the -l or --list flag, allowing users to view their Sudo permissions for a different host.

However, due to a longstanding bug, the host option could also be used when running commands or editing files, not just for listing permissions.
How the Vulnerability Works
In environments where Sudo rules are restricted to specific hostnames or patterns—a common practice in large enterprises—the flaw allows a user to specify a different host using the -h option.
Sudo then evaluates the rules as if the command were being run on that host, effectively bypassing host-based restrictions in the sudoers file.
If a user is permitted to run commands as root on a development server but not on production, they could exploit the bug to gain root access on the production system by simply referencing the development host.
No exploit code is required; the vulnerability is inherent in the logic of Sudo’s rule evaluation.
The only prerequisite is that the user has some entry in the sudoers file, even if not for the current host.
The flaw has been verified on major distributions, including Ubuntu 24.04.1 and macOS Sequoia, with Sudo versions as recent as 1.9.16p2. Given Sudo’s default presence on nearly all Linux systems, the exposure is widespread.
There is no effective workaround for CVE-2025-32462. Administrators are urged to immediately update to Sudo version 1.9.17p1 or later, where the host option is now properly restricted to listing operations only.
Security teams should also review their sudoers configurations for use of the Host or Host_Alias directives and audit all rules for potential exposure.
This incident underscores the critical importance of regular software updates and vigilant configuration management, even for trusted, foundational tools.
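The two checks recommended above (version and host-restricted rules), as an added audit example that is not code from the article or the Sudo project: it compares an upstream version string with the affected ranges the article gives and lists sudoers rules whose host field is anything other than ALL. It assumes one rule per line and that included files are passed in separately; the user names, host names and sample file are constructed.

```python
import re

# Upstream ranges from the article: 1.8.8-1.8.32 and 1.9.0-1.9.17 affected, fixed
# in 1.9.17p1. Distro packages may backport the fix without changing this number.
FIRST_AFFECTED = (1, 8, 8, 0)
FIRST_FIXED = (1, 9, 17, 1)

def parse_version(text):  # 'Sudo version 1.9.16p2' -> (1, 9, 16, 2)
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no sudo version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED

def host_restricted_rules(sudoers_text):
    """Return (host_aliases, rules whose host list is not just ALL)."""
    text = re.sub(r"\\\n", " ", sudoers_text)      # join continued lines
    aliases, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@include", "Defaults")):
            continue
        left, sep, right = line.partition("=")
        if not sep or not left.strip():
            continue
        tokens = re.sub(r"\s*,\s*", ",", left).split()
        if tokens[0] == "Host_Alias" and len(tokens) == 2:
            aliases[tokens[1]] = [h.strip() for h in right.split(",")]
        elif tokens[0].endswith("_Alias"):
            continue                                # User/Runas/Cmnd aliases
        elif len(tokens) == 2 and set(tokens[1].split(",")) != {"ALL"}:
            rules.append((tokens[0], tokens[1].split(","), right.strip()))
    return aliases, rules

# Constructed sample sudoers content (hypothetical users and hosts).
SAMPLE = """\
Defaults env_reset
Host_Alias DEVHOSTS = dev-web01, dev-db01
root    ALL=(ALL:ALL) ALL
alice   DEVHOSTS = (root) ALL
bob     ci-runner*, build01 = (root) /usr/bin/systemctl restart app
%ops    ALL = (root) \\
        /usr/bin/journalctl
"""

if __name__ == "__main__":
    print(is_affected("Sudo version 1.9.16p2"), host_restricted_rules(SAMPLE))
```

On a real system, pass it the first line of `sudo -V` and the combined contents of /etc/sudoers and the files under /etc/sudoers.d.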