CVE-2025-32463CISA KEV: Actively Exploited

Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability

Published Sep 29, 2025·Updated Sep 29, 2025

Description

Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.

Public Exploits & PoCs66 found

PoC: CVE-2025-32463-lab

本项目基于 Docker 搭建了一个用于复现和测试 sudo 本地权限提升漏洞 CVE-2025-32463 的实验环境。

2

PoC: CVE-2025-32463

Privilege escalation to root using sudo chroot, NO NEED for gcc installed.

2

PoC: CVE-2025-32463-POC

CVE-2025-32463 Proof of concept

2

PoC: CVE-2025-32463

Proof of Concept (PoC) Escalada de privilegios por versión de Sudo.

1

PoC: CVE-2025-32463_chwoot

POC for CVE-2025-32463 sudo_chwoot

1

PoC: CVE-2025-32463

This CVE addresses a vulnerability in sudo versions 1.9.14 to 1.9.17, enabling unauthorized local privilege escalation to root access.

1

PoC: CVE-2025-32463

This CVE addresses a vulnerability in sudo versions 1.9.14 to 1.9.17, enabling unauthorized local privilege escalation to root access.

1

PoC: Sudo-Privilege-Escalation-Linux-CVE-2025-32463-and-CVE-2025-32462

A deep dive into two critical Sudo vulnerabilities (CVE‑2025‑32463 & CVE‑2025‑32462) that enable local privilege escalation across major Linux distributions.

1

PoC: CVE-2025-32463

CVE-2025-32463 漏洞概念验证

1

PoC: CVE-2025-32463-sudo-poc

CVE-2025-32463 - Sudo Privilege Escalation Exploit POC (2025)

1

PoC: Blackash-CVE-2025-32463

CVE-2025-32463

1

PoC: CVE-2025-32463_chwoot

sudo Local Privilege Escalation CVE-2025-32463

1

[POC] GHSA-3mgp-fx93-9xv5 — cve-2025-32463

POC for CVE-2025-32463

PoC: CVE-2025-32463

CVE-2025-32463

PoC: CVE-2025-32463

A proof-of-concept exploit demonstrating local privilege escalation to root in sudo (CVE-2025-32463) by abusing the --chroot (-R) option and injecting a malicious NSS configuration

PoC: CVE-2025-32463

CVE-2025-32463

PoC: CVE-2025-32463

C reimplementation of chwoot PoC

PoC: CVE-2025-32463

CVE-2025-32463

PoC: CVE-2025-32463

Chroot Privilege Escalation

PoC: CVE-2025-32463-Sudo-Privilege-Escalation

Practical security research project exploiting CVE-2025-32463 to gain root access on a vulnerable sudo version. Includes write-up, PoC, and mitigation steps.

PoC: CVE-2025-32463

exploit

PoC: CVE-2025-32463

Technical examination of CVE-2025-32463 by Muhammed Kaya.

PoC: CVE-2025-32463

CVE‑2025‑32463

PoC: sudo-chroot

Sudo Vulnerability Local PrivEsc (CVE-2025-32463) POC with Python

PoC: sudo-chroot

Sudo Vulnerability Local PrivEsc (CVE-2025-32463) POC with Python

PoC: CVE-2025-32463

Privilege escalation to root using sudo chroot, NO NEED for gcc installed.

PoC: CVE-2025-32463

- Vulnerable: sudo 1.9.14, 1.9.15, 1.9.16, 1.9.17 - Patched in: sudo 1.9.17p1 and later - Legacy versions older than 1.9.14 are not affected, as they don't support the --chroot option.

PoC: CVE-2025-32463

Enviroment and Nuclei template to test CVE-2025-32463

PoC: CVE-2025-32463

sudo --chroot exploit

PoC: CVE-2025-32463

This repository contains an exploit script for CVE-2025-32463, a local privilege escalation involving `chroot` behavior in affected `sudo` versions (1.9.14 through 1.9.17)

PoC: CVE-2025-32463

# CVE-2025-32463 – Sudo EoP Exploit (PoC) with precompiled .so

PoC: CVE-2025-32463

A Python exploit for CVE-2025-32463, a critical local privilege escalation vulnerability in the Sudo binary on Linux systems. This flaw allows local users to obtain root access by exploiting the --chroot option, which incorrectly uses /etc/nsswitch.conf from a user-controlled directory.

PoC: CVE-2025-32463-Sudo-Chroot-Escape

This repository contains a Proof of Concept (PoC) for CVE-2025-32463, a vulnerability in sudo allowing a chroot escape to achieve local privilege escalation.

PoC: CVE-2025-32463-lab

🐳 Reproduce and test the CVE-2025-32463 vulnerability in a Docker-based lab environment for security research and practical analysis.

PoC: CVE-2025-32463

🔒 Elevate privileges to root via sudo without requiring gcc on the target system. Simplify exploit execution with pre-compiled payloads.

PoC: CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

PoC: CVE-2025-32463_chwoot

🔍 Demonstrate the CVE-2025-32463 privilege-escalation flaw in sudo's chroot feature with this minimal, reproducible proof of concept environment.

PoC: CVE-2025-32463

Questo script è un proof of concept (PoC) che dimostra una tecnica di privilege escalation (Elevazione di privilegi) sfruttando una vulnerabilità teorica di sudo (es. CVE-2025-32463). Il PoC forza sudo a caricare una libreria .so manipolata sfruttando la funzionalità -R (chroot) e la configurazione personalizzata di NSS (nsswitch.conf).

PoC: CVE-2025-32463-lab

Explore the CVE-2025-32463 lab environment for testing the sudo vulnerability. Ideal for security researchers. 🐱💻🔍

PoC: CVE-2025-32463

CVE-2025-32463 - Sudo Chroot Privilege Escalation Exploit

PoC: sudo_exploit

CVE-2025-32463

PoC: CVE-2025-32463

Proof-of-concept and analysis for CVE-2025-32463

PoC: CVE-2025-32463

Local Privilege Escalation to Root via Sudo chroot in Linux

PoC: CVE-2025-32463

This is the exploit for the CVE-2025-32463

PoC: CVE-2025-32463

Privilege escalation to root via sudo without gcc. Exploit works on vulnerable sudo versions. Clone the repo and run the script. 🐙💻

PoC: cve-2025-32463-lab

Educational Docker lab to simulate privilege escalation via CVE-2025-32463

PoC: sudo-chroot-CVE-2025-32463

Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc)

PoC: CVE-2025-32463_Sudo_PoC

PoC for CVE-2025-32463: Local privilege escalation in sudo via --chroot. Exploits NSS module injection through crafted chroot environments. Designed for security researchers and lab-only environments.

PoC: CVE-2025-32463-Chroot-Vulnerabilitity

Repository

PoC: cve-2025-32463

cve-2025-32463's demo

PoC: CVE-2025-32463-EXPLOIT

A PoC exploit for CVE-2025-32463 - Sudo Privilege Escalation

PoC: CVE-2025-32463-PoC

Proof of Concept for CVE-2025-32463 Local privilege escalation exploit targeting sudo -R on vulnerable Linux systems. For educational and authorized security testing only.

PoC: CVE-2025-32463

Linux distributions: Affects Ubuntu, Debian, Fedora, CentOS, SUSE, Amazon Linux, and others shipping sudo v1.9.14–1.9.17

PoC: Blackash-CVE-2025-32463

CVE-2025-32463

PoC: CVE-2025-32463

Local privilege escalation vulnerability CVE-2025-32463 in Sudo allows users to gain root access. Discover details and solutions on GitHub! 🐙✨

PoC: CVE-2025-32463-POC

🛡️ Proof of Concept (PoC) for CVE-2025-32463 — Local privilege escalation in sudo (versions 1.9.14 to 1.9.17). This exploit abuses the --chroot option and a malicious nsswitch.conf to execute arbitrary code as root. ⚠️ For educational and authorized testing only.

PoC: CVE-2025-32463_chwoot

Demonstrate CVE-2025-32463 with this PoC for sudo's chroot feature. Explore the exploit and its impact on vulnerable sudo versions. 🐱💻🔒

PoC: CVE-2025-32463

# CVE-2025-32463 – Sudo EoP Exploit (PoC) with precompiled .so

PoC: CVE-2025-32463_illdeed

Privilege escalation exploit for CVE-2025-32463 using a malicious NSS module injected via sudo -R. This version creates a stealth payload called illdeed, granting root access through a controlled chroot environment.

PoC: CVE-2025-32463-sudo-chwoot

PoC for CVE-2025-32463 - Sudo chroot Elevation of Privilege Vulnerability

PoC: sudo_patch_CVE-2025-32463

Mr.CIA's manual patching guide for CVE-2025-32463 (Sudo local privilege escalation) on Kali Linux and Ubuntu WSL.

PoC: CVE-2025-32463

Sudo chroot privileged escalation PoC

PoC: sudoinjection

Sudo Local Privilege Escalation CVE-2025-32463 (Best For Cases Where the shell is not stable to spawn a new root shell)

PoC: CVE-2025-32463

Exploit for Local Privilege Escalation in Sudo via Malicious nsswitch.conf with sudo -R. (CVE-2025-32463)

PoC: CVE-2025-32463

Local Privilege Escalation to Root via Sudo chroot in Linux

PoC: linux-root-kit

End-to-end simulation of a Python dependency confusion attack, sudo privilege escalation (CVE-2025-32463), and rootkit-based persistence - with full memory and network forensic analysis.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free