CVE-2025-32463

CRITICAL

CVSS v3

9.3

CRITICAL

EPSS Score

47.0%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Technical Details

CVSS v3 Vector
3.1
Published
6/30/2025
Last Modified
11/5/2025
Exploit-DB
EDB-52352

Frequently Asked Questions

What is CVE-2025-32463?

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Is CVE-2025-32463 actively exploited?

Active exploitation of CVE-2025-32463 has not been confirmed. The EPSS score is 47.0%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-32463?

CVE-2025-32463 has a CVSS v3 base score of 9.3 (CRITICAL severity), with vector string 3.1.

Is CVE-2025-32463 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IPSearch CVEs
Back to CVE Database