CVE-2025-32463 in sudoinfo

Summary

by MITRE • 07/01/2025

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 11/28/2025

This vulnerability exists in sudo versions prior to 1.9.17p1 and represents a critical privilege escalation flaw that allows local attackers to gain root access on affected systems. The issue stems from how sudo handles the --chroot option when processing the /etc/nsswitch.conf file, which is typically used for name service switching configuration. When sudo is invoked with the --chroot option, it attempts to read the nsswitch.conf file from a user-controlled directory rather than the standard system location, creating an opportunity for malicious manipulation. This flaw directly violates the principle of least privilege and undermines the fundamental security model of privilege separation that sudo is designed to enforce.

The technical implementation of this vulnerability involves the sudo command's handling of the --chroot option which changes the root directory for the process but fails to properly validate or restrict access to system configuration files. When a user-controlled directory is specified, the nsswitch.conf file from that location is processed instead of the system's authoritative configuration. This creates a path traversal and configuration injection scenario where an attacker can place a malicious nsswitch.conf file in a location they control, potentially redirecting name resolution to point to arbitrary services or files. The vulnerability operates at the system call level where sudo's chroot functionality does not properly isolate the configuration file access, allowing for arbitrary file reads and potential command execution through the name service resolution process.

The operational impact of this vulnerability is severe as it enables local privilege escalation from a regular user account to root privileges without requiring any special authentication or network access. Attackers can exploit this by placing a crafted nsswitch.conf file in a directory they control, then invoking sudo with the --chroot option to trigger the loading of their malicious configuration. This vulnerability affects systems where sudo is installed and used with the --chroot functionality, which is common in containerized environments, chroot jails, and various system administration scenarios. The flaw can be exploited in both interactive and automated contexts, making it particularly dangerous in environments where sudo is used extensively for administrative tasks.

Mitigation strategies for this vulnerability include immediate upgrading to sudo version 1.9.17p1 or later, which contains the necessary patches to prevent the use of user-controlled directories for nsswitch.conf when the --chroot option is specified. System administrators should also implement strict file permissions and access controls on sensitive configuration files, ensuring that only authorized users can modify system-level configuration. Additionally, monitoring for unusual sudo usage patterns, particularly those involving the --chroot option, can help detect potential exploitation attempts. The vulnerability aligns with CWE-22 Path Traversal and CWE-264 Permissions, Privileges, and Access Controls, and maps to ATT&CK technique T1068 Privilege Escalation through the use of sudo and the exploitation of configuration file vulnerabilities. Organizations should conduct comprehensive vulnerability assessments to identify systems running affected sudo versions and implement proper access controls to prevent unauthorized modification of system configuration files.

Reservation

04/09/2025

Disclosure

07/01/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.47467

KEV

yes

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!