CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
美国网络安全机构CISA将影响Linux系统Sudo工具的严重漏洞CVE-2025-32463加入已知被利用漏洞目录，该漏洞允许攻击者以root权限执行任意命令。同时新增四例被利用漏洞，并敦促相关机构在10月20日前修复。 2025-9-30 05:41:0 Author: thehackernews.com(查看原文) 阅读量:10 收藏

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to 1.9.17p1. It was disclosed by Stratascale researcher Rich Mirch back in July 2025.

"Sudo contains an inclusion of functionality from an untrusted control sphere vulnerability," CISA said. "This vulnerability could allow a local attacker to leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file."

It's currently not known how the shortcoming is being exploited in real-world attacks, and who may be behind such efforts. Also added to the KEV catalog are four other flaws -

CVE-2021-21311 - Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. (Disclosed as exploited by Google Mandiant in May 2022 by a threat actor called UNC2903 to target AWS IMDS setups)
CVE-2025-20352 - Cisco IOS and IOS XE contain a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. (Disclosed as exploited by Cisco last week)
CVE-2025-10035 - Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. (Disclosed as exploited by watchTowr Labs last week)
CVE-2025-59689 - Libraesva Email Security Gateway (ESG) contains a command injection vulnerability that allows command injection via a compressed email attachment. (Disclosed as exploited by Libraesva last week)

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies relying on the affected products are advised to apply the necessary mitigations by October 20, 2025, to secure their networks.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html
如有侵权请联系:admin#unsafe.sh