Ctrl + K
/ news / CVE
CVEPublished 2025-06-305 articles on news6 live referencesNVD data

CVE-2025-32463

Vulnerability data via CVEDB (Shodan)

CISA KEVKnown exploited in the wild.
CISA action: Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.
CVSS v3.1
9.3
CRITICAL
EPSS percentile
99
Exploit Prediction Scoring System · top 1% of all CVEs
Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Timeline
Published 2025-06-30

External references

NVDMITREExploit-DBSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag1,104 hosts
vuln:CVE-2025-32463
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Sudo Project Sudo" version:"1.9.14"
Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Sudo"
HTTP body or banner mentions "Sudo" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2025-32463
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-32463
Censys host search filtered to this CVE id.
grep.app
CVE-2025-32463
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-32463
GitHub code search for direct mentions.
Google dork
"CVE-2025-32463" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2025-324638 repos
0xsyr0/OSCPPowerShell
OSCP Cheat Sheet
★ 3,757·updated 5d ago
TH3xACE/SUDO_KILLERShell
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain …
★ 2,469·updated 3mo ago
0xMarcio/cvePython
Latest CVEs with their Proof of Concept exploits.
★ 1,316·updated today
GhostTroops/TOPShell
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
★ 731·updated today
pr0v3rbs/CVE-2025-32463_chwootShell
Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463
★ 527·updated 7mo ago
kh4sh3i/CVE-2025-32463Shell
Local Privilege Escalation to Root via Sudo chroot in Linux
★ 466·updated 11mo ago
Threekiii/CVEunknown
一个 CVE 漏洞预警知识库,无 exp/poc,部分包含修复方案。A knowledge base of CVE security vulnerability, no PoCs/exploits.
★ 170·updated 1w ago
mirchr/security-researchShell
Security Research
★ 94·updated 11mo ago
Articles on news mentioning CVE-2025-32463