CVE-2025-32463

Опубликовано: 30 июн. 2025

Источник: debian

EPSS Низкий

Описание

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
sudo	fixed	1.9.16p2-3		package
sudo	not-affected		bookworm	package
sudo	not-affected		bullseye	package

Примечания

https://www.sudo.ws/security/advisories/chroot_bug/

EPSS

Процентиль: 55%

0.00325

Низкий

Связанные уязвимости

CVE-2025-32463

CVSS3: 9.3

ubuntu

16 дней назад

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-32463

CVSS3: 7.8

redhat

16 дней назад

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-32463

CVSS3: 9.3

nvd

16 дней назад

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-32463

CVSS3: 9.3

msrc

6 дней назад

Описание отсутствует

GHSA-695j-c63m-mvxc

CVSS3: 9.3

github

16 дней назад

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

EPSS

Процентиль: 55%

0.00325

Низкий