By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
Tech News

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

By Viral Trending Content 3 Min Read
Share
SHARE

Sep 30, 2025Ravie LakshmananVulnerability / Linux

Critical Sudo Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to 1.9.17p1. It was disclosed by Stratascale researcher Rich Mirch back in July 2025.

“Sudo contains an inclusion of functionality from an untrusted control sphere vulnerability,” CISA said. “This vulnerability could allow a local attacker to leverage sudo’s -R (–chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.”

DFIR Retainer Services

It’s currently not known how the shortcoming is being exploited in real-world attacks, and who may be behind such efforts. Also added to the KEV catalog are four other flaws –

  • CVE-2021-21311 – Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. (Disclosed as exploited by Google Mandiant in May 2022 by a threat actor called UNC2903 to target AWS IMDS setups)
  • CVE-2025-20352 – Cisco IOS and IOS XE contain a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. (Disclosed as exploited by Cisco last week)
  • CVE-2025-10035 – Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. (Disclosed as exploited by watchTowr Labs last week)
  • CVE-2025-59689 – Libraesva Email Security Gateway (ESG) contains a command injection vulnerability that allows command injection via a compressed email attachment. (Disclosed as exploited by Libraesva last week)

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies relying on the affected products are advised to apply the necessary mitigations by October 20, 2025, to secure their networks.

You Might Also Like

How the World’s Largest 3D Object Library By Microsoft & NVIDIA

Oracle links Clop extortion attacks to July 2025 vulnerabilities

Is Social Media the Best Tool for Business Growth?

Five SETU scientists listed among world’s top 2pc on Stanford list

7 Key Workflows for Maximum Impact

TAGGED: CISA, Cisco, Cyber Security, Cybersecurity, data breach, email security, Internet, Linux, Malware, Vulnerability
Share This Article
Facebook Twitter Copy Link
Previous Article Bitcoin And Ethereum Funds Shed $1.1 Billion While Solana Investment Products Gain $291 Million – Report
Next Article Galway medtech CLS plans 140 jobs to expand into new markets
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Mono Protocol’s launch highlights: $1.7M raised and a vision for one account, one balance, one click
Crypto
Netflix Hiring A Director Of Generative AI For Gaming With A Starting Salary Of Up To $840K
Gaming News
All aboard: High-speed train links for travel to major European cities gets under way
Travel
Megabonk Sells 1 Million Units in Two Weeks
Gaming News
Pepper Pong game of ‘Shark Tank’ fame lands in Dick’s Sporting Goods and Scheels stores
Business
With a 22% annual return, I think this growth stock may be too good to ignore
Business
How the World’s Largest 3D Object Library By Microsoft & NVIDIA
Tech News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Mono Protocol’s launch highlights: $1.7M raised and a vision for one account, one balance, one click

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Mono Protocol’s launch highlights: $1.7M raised and a vision for one account, one balance, one click
October 3, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?