Initiativen für
Als nationale Behörde für Cybersicherheit hat das ZCB mehrere Initiativen für bestimmte Zielgruppen entwickelt, die hier vorgestellt werden.
Warning: Critical privilege escalation vulnerability in sudo, Patch Immediately!
Image
Veröffentlicht : 01/07/2025
* Last update: 01/07/2025
* Affected software:: sudo before 1.9.14 to 1.9.17
* Type: Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
* CVE/CVSS
→ CVE-2025-32463: CVSS 9.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Sources
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32463
Risks
Sudo is a tool used on Linux-systems, which allows a user who is listed in sudoers-file to run commands with root-privileges by providing his own password. By exploiting CVE-2025-32463, an attacker can leverage sudo’s -R (–chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers-file. By doing this, a user can run commands as root, even if the user is not allowed to run commands as sudo, which is considered as privilege escalation. Running commands as root has a high impact on the whole CIA-triad.
Description
Sudo's -R (--chroot) option is intended to allow the user to run a command with a user-selected root directory if the sudoers-file allows it. A change was made in sudo 1.9.14 to resolve paths via chroot() using the user-specified root directory while the sudoers file was still being evaluated. It is possible for an attacker to trick sudo into loading an arbitrary shared library by creating an /etc/nsswitch.conf file under the user-specified root directory.
The developers of sudo have marked the chroot-feature of sudo as deprecated and stated that the feature will be removed entirely in a future sudo release.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via:< https://ccb.belgium.be/cert/report-incident>.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
Official Manufacturer: https://www.sudo.ws/security/advisories/chroot_bug/
Stratascale: https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
Openwall: https://www.openwall.com/lists/oss-security/2025/06/30/3