Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2025-32463 PoC — Sudo 安全漏洞

Source
https://github.com/kh4sh3i/CVE-2025-32463
Associated Vulnerability
Title:Sudo 安全漏洞 (CVE-2025-32463)
Description:Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Description
Local Privilege Escalation to Root via Sudo chroot in Linux
Readme
<h1 align="center">
  <br>
  <a><img src="/img/logo.png" alt="" width="300px;"></a>
  <br>
  <img src="https://img.shields.io/badge/PRs-welcome-blue">
  <img src="https://img.shields.io/github/last-commit/kh4sh3i/CVE-2025-32463">
  <img src="https://img.shields.io/github/commit-activity/m/kh4sh3i/CVE-2025-32463">
  <a href="https://twitter.com/intent/follow?screen_name=kh4sh3i_"><img src="https://img.shields.io/twitter/follow/kh4sh3i_?style=flat&logo=twitter"></a>
  <a href="https://github.com/kh4sh3i"><img src="https://img.shields.io/github/stars/kh4sh3i?style=flat&logo=github"></a>
</h1>


# CVE-2025-32463
Local Privilege Escalation to Root via Sudo chroot in Linux


## 🛑 Vulnerability Summary

**CVE-2025-32463** is a **local privilege escalation vulnerability** in the **Sudo** binary. The flaw allows a local user to escalate privileges to **root** under specific misconfigurations or with crafted inputs. The issue was discovered by **Rich Mirch**.

- **CVE-ID:** CVE-2025-32463  
- **Component:** sudo  
- **Type:** Local Privilege Escalation (EoP)  
- **CVSS Score:** TBD  
- **Discovered by:** [Rich Mirch](https://twitter.com/rmirch)

## 🔥 Impact

An attacker with low privileges can exploit this vulnerability to gain **root access**, compromising the system entirely.

## 🧪 Proof of Concept
<h1 align="center">
  <a><img src="/img/poc.jpg" alt="" width="500px;"></a>
</h1>

###  Exploit
```bash
git clone https://github.com/kh4sh3i/CVE-2025-32463.git
cd CVE-2025-32463
chmod +x exploit.sh
id
./exploit.sh
id
```

## 🛠 Affected Versions

- Vulnerable: sudo 1.9.14 to 1.9.17
- Patched: sudo 1.9.17p1 and later
- Not affected: Legacy versions prior to 1.9.14 (chroot feature did not exist)

## 🛡️ Mitigation

- Update `sudo` to the latest patched version.
- Use security frameworks like AppArmor or SELinux to limit sudo behavior.
- Monitor for abnormal sudo invocations.

## 🧷 References

- [CVE-2025-32463 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-32463)
- [Rich Mirch on Twitter](https://twitter.com/rmirch)
- [sudo project](https://www.sudo.ws)
- [stratascale](https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot)

## ⚠️ Disclaimer

This PoC is provided for **educational and research** purposes only. Running this on any system without permission is **illegal** and unethical.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →