🛡️ Proof of Concept (PoC) for CVE-2025-32463 — Local privilege escalation in sudo (versions 1.9.14 to 1.9.17). This exploit abuses the --chroot option and a malicious nsswitch.conf to execute arbitrary code as root. ⚠️ For educational and authorized testing only.# CVE-2025-32463 - sudo Local Privilege Escalation (PoC)
> ⚠️ **This repository contains a Proof of Concept (PoC) exploit for CVE-2025-32463**
> Intended **only for educational purposes** and use in **authorized environments**.
---
## 🧠 About the Vulnerability
**CVE-2025-32463** is a local privilege escalation vulnerability affecting `sudo` versions **1.9.14 to 1.9.17**.
The flaw resides in the way `sudo` handles the `--chroot` (`-R`) option introduced in 1.9.14. It allows an unprivileged user to craft a fake `nsswitch.conf` inside a controlled chroot path, forcing `sudo` (running as root) to load an arbitrary **NSS library** and execute code as root.
---
## ✅ Affected Versions
- `sudo` **≥ 1.9.14** and **< 1.9.17p1**
- Unaffected:
- Versions **< 1.9.14** (feature not present)
- Versions **≥ 1.9.17p1** (vulnerability patched)
---
## 🚩 Requirements
- A vulnerable version of `sudo` (see above)
- `gcc` installed
- The user can run `sudo -R` with an arbitrary directory *(some setups restrict this)*
---
## 🚀 Exploit Steps
1. Clone this repository or just download the script
2. Run the PoC script:
` chmod +x CVE-2025-32463.sh && ./CVE-2025-32463.sh `
## 📚 References
- [NVD Entry – CVE-2025-32463](https://nvd.nist.gov/vuln/detail/CVE-2025-32463)
- [Sudo security advisory](https://www.sudo.ws/security/advisories)
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view