CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

Posted on By CWS

Sep 30, 2025Ravie LakshmananVulnerability / Linux
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added a important safety flaw impacting the Sudo command-line utility for Linux and Unix-like working programs to its Recognized Exploited Vulnerabilities (KEV) catalog, citing proof of lively exploitation within the wild.
The vulnerability in query is CVE-2025-32463 (CVSS rating: 9.3), which impacts Sudo variations previous to 1.9.17p1. It was disclosed by Stratascale researcher Wealthy Mirch again in July 2025.
“Sudo incorporates an inclusion of performance from an untrusted management sphere vulnerability,” CISA mentioned. “This vulnerability might enable an area attacker to leverage sudo’s -R (–chroot) choice to run arbitrary instructions as root, even when they don’t seem to be listed within the sudoers file.”

It is at present not identified how the shortcoming is being exploited in real-world assaults, and who could also be behind such efforts. Additionally added to the KEV catalog are 4 different flaws –

CVE-2021-21311 – Adminer incorporates a server-side request forgery vulnerability that, when exploited, permits a distant attacker to acquire doubtlessly delicate data. (Disclosed as exploited by Google Mandiant in Could 2022 by a risk actor referred to as UNC2903 to focus on AWS IMDS setups)
CVE-2025-20352 – Cisco IOS and IOS XE include a stack-based buffer overflow vulnerability within the Easy Community Administration Protocol (SNMP) subsystem that might enable for denial of service or distant code execution. (Disclosed as exploited by Cisco final week)
CVE-2025-10035 – Fortra GoAnywhere MFT incorporates a deserialization of untrusted knowledge vulnerability that permits an actor with a validly solid license response signature to deserialize an arbitrary actor-controlled object, presumably resulting in command injection. (Disclosed as exploited by watchTowr Labs final week)
CVE-2025-59689 – Libraesva E mail Safety Gateway (ESG) incorporates a command injection vulnerability that permits command injection by way of a compressed electronic mail attachment. (Disclosed as exploited by Libraesva final week)

In gentle of lively exploitation, Federal Civilian Govt Department (FCEB) businesses counting on the affected merchandise are suggested to use the mandatory mitigations by October 20, 2025, to safe their networks.

The Hacker News Tags:, , , , , , , , , ,

Related Posts

New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs The Hacker News
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware The Hacker News
SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats The Hacker News
How to Advance from SOC Manager to CISO? How to Advance from SOC Manager to CISO? The Hacker News
VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More The Hacker News
VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX The Hacker News