Cybersecurity Threat Advisory: Critical Linux sudo vulnerability

Security researchers have uncovered a serious vulnerability in sudo, the tool that runs commands with elevated privileges on Linux systems. It is tracked as CVE-2025-32463 and carries a CVSS score of 9.3. This flaw poses a serious risk to Linux environments. Read this Cybersecurity Threat Advisory to understand the threat and learn how to protect your systems.

What is the threat?

CVE-2025-32463 allows a local attacker to escalate privileges to root, granting full system control on affected hosts. Attackers have already exploited this vulnerability in the wild, which increases the urgency for organizations to assess their exposure and apply patches immediately.

Why is it noteworthy?

Sudo is a core Linux utility for executing commands with elevated privileges. This vulnerability impacts versions prior to 1.9.17p1, enabling local privilege escalation to root. Because attackers are actively exploiting this vulnerability, organizations must act quickly to remediate affected systems.

What is the exposure or risk?

Exploiting CVE-2025-32463 allows a local attacker to gain root access and execute arbitrary commands with elevated rights. This can lead to complete system compromise, including manipulation of configurations, access to sensitive data, and disruption of services across affected Linux environments.

What are the recommendations?

Barracuda recommends the following to mitigate your risk:

  • Upgrade to sudo 1.9.17p1 (or your vendor’s fixed build) across all Linux systems.
  • Enable and centralize sudo and audit logs; given active exploitation, alert on unusual spikes in sudo invocations, on failed and successful escalations, and on changes to sudoers.
  • Remove NOPASSWD where possible, restrict allowed commands, and audit sudo/wheel group membership to minimize impact of local privilege escalation.
  • Add a sudo-LPE playbook (isolate affected hosts, emergency patching, log triage for suspicious sudo activity, credential rotation, and stakeholder communications) given observed exploitation.
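The upgrade, logging and NOPASSWD recommendations above, as an added shell example that is not part of the advisory or of the sudo project: it compares a sudo version string against the 1.9.17p1 threshold the advisory names, lists the sudoers principals that are granted NOPASSWD, and tallies sudo invocations and failed authentications from a few syslog-style lines. The function names, the sample sudoers text and the sample log lines are all constructed here for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): version check, NOPASSWD audit and
# sudo log triage helpers. All sample data below is constructed.

# Fixed release named in the advisory; versions below it are treated as affected.
FIXED_SUDO_VERSION="1.9.17p1"

# Split "1.9.16p2" into "1 9 16 2"; a missing pN level counts as 0.
sudo_version_key() {
    printf '%s\n' "$1" | awk -F'[.p]' '{ printf "%d %d %d %d\n", $1, $2, $3, (NF >= 4 ? $4 : 0) }'
}

# Returns 0 (true) when version $1 is greater than or equal to version $2,
# comparing major, minor, patch and p-level in turn.
sudo_version_ge() {
    set -- "$(sudo_version_key "$1")" "$(sudo_version_key "$2")"
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, " "); split(b, y, " ")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Prints "fixed" or "vulnerable" for a sudo version string such as "1.9.16p2".
sudo_status() {
    if sudo_version_ge "$1" "$FIXED_SUDO_VERSION"; then echo fixed; else echo vulnerable; fi
}

# Reads the version from the local binary ("Sudo version X" on the first line of sudo -V).
installed_sudo_version() {
    sudo -V 2>/dev/null | awk 'NR == 1 { print $3 }'
}

# Constructed sudoers content (hypothetical, not taken from any host).
SAMPLE_SUDOERS='# constructed sample
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
deploy  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
%admin  ALL=(ALL) ALL'

# Prints the user or group of every non-comment rule that grants NOPASSWD,
# one per line, so each grant can be reviewed and removed where possible.
nopasswd_principals() {
    printf '%s\n' "$1" | awk '!/^[[:space:]]*#/ && /NOPASSWD:/ { print $1 }'
}

# Constructed syslog-style sudo lines (hypothetical host "web1", users alice and bob).
SAMPLE_AUTH_LOG='Jul  1 10:00:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jul  1 10:00:05 web1 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jul  1 10:00:09 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/visudo
Jul  1 10:00:12 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash'

# Prints "user count" per invoking user, sorted by user; a sudden jump for one
# account is the spike the advisory says to alert on.
sudo_invocations_by_user() {
    printf '%s\n' "$1" | awk '$5 == "sudo:" { n[$6]++ } END { for (u in n) print u, n[u] }' | sort
}

# Counts failed sudo authentications (the "incorrect password attempts" message).
sudo_failed_attempts() {
    printf '%s\n' "$1" | awk '/incorrect password attempts/ { n++ } END { print n + 0 }'
}

# When run directly on a host that has sudo, report the installed version's status.
if command -v sudo >/dev/null 2>&1; then
    v=$(installed_sudo_version)
    echo "installed sudo ${v:-unknown}: $(sudo_status "$v")"
fi
echo "NOPASSWD principals in sample sudoers:"; nopasswd_principals "$SAMPLE_SUDOERS"
echo "sudo invocations per user in sample log:"; sudo_invocations_by_user "$SAMPLE_AUTH_LOG"
echo "failed attempts in sample log: $(sudo_failed_attempts "$SAMPLE_AUTH_LOG")"
```

The version comparison follows the advisory's "prior to 1.9.17p1" wording, so a plain 1.9.17 is reported as vulnerable. Distributions often backport the fix without raising the upstream version number, so treat a "vulnerable" result from the installed-version check as a prompt to confirm against your vendor's advisory rather than as a final verdict; the sudoers audit reads a string you pass in, so feed it the output of `visudo -c` or the files under /etc/sudoers.d rather than editing them by hand.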

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.