Tech News

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

By Viral Trending Content 3 Min Read

Sep 30, 2025Ravie LakshmananVulnerability / Linux

Critical Sudo Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to 1.9.17p1. It was disclosed by Stratascale researcher Rich Mirch back in July 2025.

“Sudo contains an inclusion of functionality from an untrusted control sphere vulnerability,” CISA said. “This vulnerability could allow a local attacker to leverage sudo’s -R (–chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.”

DFIR Retainer Services

It’s currently not known how the shortcoming is being exploited in real-world attacks, and who may be behind such efforts. Also added to the KEV catalog are four other flaws –

  • CVE-2021-21311 – Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. (Disclosed as exploited by Google Mandiant in May 2022 by a threat actor called UNC2903 to target AWS IMDS setups)
  • CVE-2025-20352 – Cisco IOS and IOS XE contain a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. (Disclosed as exploited by Cisco last week)
  • CVE-2025-10035 – Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. (Disclosed as exploited by watchTowr Labs last week)
  • CVE-2025-59689 – Libraesva Email Security Gateway (ESG) contains a command injection vulnerability that allows command injection via a compressed email attachment. (Disclosed as exploited by Libraesva last week)

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies relying on the affected products are advised to apply the necessary mitigations by October 20, 2025, to secure their networks.

You Might Also Like

Le Wand Lick 3-in-1 Review: Three Times the Pleasure

Retinal screening to detect eye disease

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

What are the best cities for digital nomads?

Android XR Smart Glasses Updates and News for November 2025

TAGGED: , , , , , , , , ,
Share This Article
Previous Article Bitcoin And Ethereum Funds Shed $1.1 Billion While Solana Investment Products Gain $291 Million – Report
Next Article Galway medtech CLS plans 140 jobs to expand into new markets
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

- Advertisement -

Latest News

France probes Vinted over alleged exposure of children to pornographic content
World News
Bitcoin price forecast: BTC eyes $85k support level as selloff continues
Crypto
Amazon Liquidates Bose Headphones at 50% Off, Now Cheaper Than Mid-Range No-Name Models
Gaming News
Clair Obscur: Expedition 33 Nominated in 12 Categories at The Game Awards, The Most in History
Gaming News
Indian market expensive but select sectors shine: Vikash Kumar Jain
Business
Pentagon Announces 6 Critical Areas for Research and Development
Politics
Best Meme Coins Live News Today: Latest Degen Alpha & Market Updates (November 11)
Crypto
Lost your password?