Linux has a critical vulnerability, even if no one really knows how it is being exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added the vulnerability CVE-2025-32463 to its catalog of Known Exploited Vulnerabilities (KEV). This critical flaw affects Sudo versions prior to 1.9.17p1 and has a CVSS score of 9.3, placing it in the high severity category. The first alerts about this vulnerability were issued in July 2025 by researcher Rich Mirch from Stratascale.

A very serious vulnerability to fix

CISA warns that this vulnerability can be exploited by local attackers to execute arbitrary commands with root privileges, taking advantage of the -R (–chroot) option of Sudo, even if such commands are not listed in the sudoers file. This makes it a potentially devastating attack vector for systems that rely on Sudo for privilege management.

According to recent reports, there is evidence of active exploitation of this vulnerability in the real world, although the exact details of how these attacks are being carried out and who is responsible have not yet been clarified. This lack of information may indicate the urgency with which system administrators must act to mitigate the risk.

Agencies of the Federal Civilian Executive Branch (FCEB) are being specifically warned to implement mitigation measures before October 20, 2025, to protect their networks from potential intrusions. In addition to CVE-2025-32463, CISA has also included four other vulnerabilities in its catalog, highlighting the importance of cybersecurity in the current landscape.

System administrators are urged to review their Sudo implementations and apply all necessary updates to ensure the integrity of their networks against this and other imminent threats. Prompt attention to these warnings could make a difference in preventing significant intrusions.

Avast Free Antivirus DOWNLOAD