CISA warns of critical Linux Sudo flaw exploited in attacks

Source: BleepingComputer

Author: Ionut Ilascu

URL: https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-linux-sudo-flaw-exploited-in-attacks/

ONE SENTENCE SUMMARY:

Hackers are exploiting a critical vulnerability in the sudo package, making immediate mitigation necessary to prevent unauthorized root-level command execution on Linux.

MAIN POINTS:

  1. Hackers are exploiting the critical vulnerability CVE-2025-32463 in sudo.
  2. CISA added this vulnerability to its Known Exploited Vulnerabilities catalog.
  3. Agencies must apply mitigations or stop using sudo by October 20.
  4. The flaw allows privilege escalation via the -R option, even by users not in the sudoers list.
  5. Sudo lets admins delegate authority to unprivileged users while logging actions.
  6. CVE-2025-32463 affects sudo versions 1.9.14 through 1.9.17.
  7. The flaw has a critical severity score of 9.3.
  8. Attackers can execute arbitrary commands as root even when no sudoers rules are defined for the user.
  9. Rich Mirch released a proof-of-concept exploit for the flaw.
  10. Organizations should reference CISA’s catalog for security prioritization.

TAKEAWAYS:

  1. Immediate mitigation is essential to prevent exploitation of CVE-2025-32463.
  2. Privilege escalation can occur even for users not in the sudoers list.
  3. CISA’s KEV catalog is a vital tool for securing systems against known threats.
  4. The sudo vulnerability affects multiple versions and requires urgent patching.
  5. Organizations should prioritize using cybersecurity reports and advisories.