Share
## https://sploitus.com/exploit?id=6C460879-71C5-559E-A79C-4FC25D8B115D
# CVE-2025-32463 Local Privilege Escalation to Root via Sudo chroot in Linux πŸ›‘

Here's a summary of **CVE-2025-32463** without links:

---

### πŸ” Vulnerability Overview

**CVE-2025-32463** is a **local privilege escalation** vulnerability in **Sudo** versions **1.9.14 through 1.9.17**. It abuses the `--chroot` (`-R`) option by manipulating how Sudo handles `nsswitch.conf`. This allows a local attacker to trick Sudo into loading a **malicious shared library**, gaining **root access**, even if they aren't in the `sudoers` file.

---

### ⚠️ Severity

* **CVSS 3.1 Score**: 9.3 (Critical ⚫)
* **Attack Vector**: Local
* **Privileges Required**: None
* **User Interaction**: None

---

### πŸ’€ Exploit

```
sudo git clone https://github.com/B1ack4ash/Blackash-CVE-2025-32463.git
cd CVE-2025-32463
chmod +x CVE-2025-32463.sh
id
./CVE-2025-32463.sh
id
```

---

### πŸ› οΈ How the Exploit Works

1. The attacker runs a command like `sudo -R /fake-dir some-command`.
2. Inside `/fake-dir`, they place a fake `etc/nsswitch.conf` that forces Sudo to resolve users or groups via a custom method.
3. This tricks Sudo into loading and executing a **malicious shared library**, leading to **code execution as root**.

---

### πŸ“Œ Affected Systems

* Any Linux/Unix-like system running **Sudo 1.9.14 to 1.9.17**
* Systems allowing local shell access (even with no sudo privileges)
* Includes major distributions like Ubuntu, Debian, Red Hat, Fedora, SUSE, Alpine, etc.

---

### βœ… Fixed In

* **Sudo 1.9.17p1** and newer
* Older versions **before 1.9.14** are not affected (they lack the vulnerable chroot feature)

---

### πŸ›‘οΈ Mitigation Steps

1. **Check your version** using `sudo --version`
2. **Update Sudo** to 1.9.17p1 or latest available version
3. Avoid using `--chroot` option unless necessary
4. Monitor logs for unusual sudo or NSS behavior

---

### πŸ“£ Key Takeaway

Even if a user doesn’t have sudo rights, they can potentially become root by abusing this bug. It’s a critical issue affecting many systems, and it should be patched **immediately**.

---

### ⚠️ Disclaimer

This PoC is provided for educational and research purposes only. Running this on any system without permission is illegal and unethical !!!