Multiple critical vulnerabilities in the widely used Sudo utility have been disclosed, allowing local unprivileged users to gain root access on Linux systems. These flaws, some present for over a decade, pose a significant threat to a vast number of Linux installations, including cloud workloads, and necessitate immediate patching.

Sudo Flaws Grant Root Access to Linux Systems

Security researchers have uncovered two critical vulnerabilities, CVE-2025-32462 and CVE-2025-32463, in the Sudo utility, a program essential for managing user privileges on Unix-like operating systems. These flaws enable any local user, even those without administrative privileges or a password, to escalate their access to full root control. A separate, but equally critical, heap-based buffer overflow vulnerability, CVE-2021-3156 (dubbed "Baron Samedit"), was also identified, affecting Sudo versions dating back to 2011.

Key Takeaways

• CVE-2025-32462: This vulnerability, present for 12 years (since Sudo v1.8.8), exploits a logic flaw in Sudo's host option (-h). Attackers can manipulate this option to execute commands with root privileges by referencing rules intended for other hosts in the sudoers file.

• CVE-2025-32463: Introduced in Sudo v1.9.14 (June 2023), this flaw targets Sudo's chroot functionality (-R or --chroot). It allows unprivileged users to invoke chroot() on writable, untrusted paths, leading to the loading of malicious shared libraries and subsequent root privilege escalation.

• CVE-2021-3156 ("Baron Samedit"): A heap-based buffer overflow vulnerability affecting Sudo versions from 1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1. This flaw allows unprivileged users to gain root privileges without authentication by exploiting how Sudo handles backslashes in arguments when running in shell mode.

Affected Systems and Impact

These vulnerabilities impact a significant portion of Linux systems globally, including major distributions like Ubuntu, Fedora, Debian, and CentOS. Cloud workloads, with an estimated 90% running Linux-based operating systems, are particularly at risk. The default Sudo configuration is vulnerable, meaning no special setup is required for exploitation.

Testing for Vulnerability

To check if a system is vulnerable to CVE-2021-3156, log in as a non-root user and run the command .

• If the system is vulnerable, it will respond with an error starting with sudoedit:.

• If the system is patched, it will respond with an error starting with usage:.

Immediate Action Required

System administrators are urged to update their Sudo packages immediately. For CVE-2025-32462 and CVE-2025-32463, update to Sudo version 1.9.17p1 or later. For CVE-2021-3156, update to Sudo 1.9.5p2 or later. No workarounds exist for these critical vulnerabilities. Organizations should also audit their configurations for host-specific rules and usage.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Recent Linux sudo vulnerability affects a major percent of cloud workloads, wiz.io.

• New Linux SUDO flaw lets local users gain root privileges, BleepingComputer.

• Linux Sudo chroot Vulnerability Enables Hackers to Elevate Privileges to Root, CyberSecurityNews.

• Critical Sudo Vulnerabilities Leads Root Access to Any Linux User, Cyber Kendra.

• Sudo Vulnerability CVE-2021-3156: Root Access Risk, Qualys.