CVE-2025-32463

Publication date 30 June 2025

Last updated 30 June 2025

An attacker can leverage sudo's `-R` (`--chroot`) option to run arbitrary commands as root, even if they are not listed in the sudoers file. Sudo versions 1.9.14 to 1.9.17 inclusive are affected.

Why is this CVE high priority?

Allows local privilege escalation

Learn more about Ubuntu priority

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sudo	25.04 plucky	Fixed 1.9.16p2-1ubuntu1.1
	24.10 oracular	Fixed 1.9.15p5-3ubuntu5.24.10.1
	24.04 LTS noble	Fixed 1.9.15p5-3ubuntu5.24.04.1
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-7604-1
Sudo vulnerabilities
30 June 2025

Other references

https://www.cve.org/CVERecord?id=CVE-2025-32463
https://www.sudo.ws/security/advisories/chroot_bug/