The vulnerability, with a critical CVSS rating of 9.3 out of 10, affects Sudo versions 1.9.14 through 1.9.17, and Stratascale researchers said they verified the exploitation on Ubuntu 24.04.1 and Fedora 41 Server.
“CVE-2025-32463 involves a local privilege escalation vector that doesn’t require the user to be in the sudoers file,” said Marc England, security consultant at Black Duck. “My only question would be, when it comes to elements such as infrastructure, how many of them are using Ubuntu 24.04? A lot of the time, with Ubuntu 22.04 LTS having support through to 2027, it would be far more common in most environments as there isn’t always a rush to update to a new OS since the current one is still stable and supported.”
England thinks many admins could be in the clear, as he believes most would be using Sudo version 1.9.9, which is not vulnerable, as it is the latest package supported on Ubuntu 22.04.
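To see where an installed sudo sits relative to the 1.9.14 through 1.9.17 range named above, here is an added example script (not from the article or from the Stratascale advisory). It assumes `sudo --version` prints a first line of the form `Sudo version X.Y.Z` or `Sudo version X.Y.ZpN`, and it treats a patch-level release as sorting after its base version, so 1.9.17p1 falls outside the stated range.

```shell
#!/bin/sh
# Added example, not from the article: classify a sudo version string against
# the affected range the article gives, 1.9.14 through 1.9.17 inclusive.

# Turn "1.9.15p5" (or "1.9.15") into a fixed-width integer, e.g. 1091505,
# so version strings compare numerically. The "pN" patch level is the last
# field, so 1.9.17p1 sorts after 1.9.17 and outside the stated range.
version_key() {
    base=${1%%p*}                 # "1.9.15p5" -> "1.9.15"
    plevel=${1#"$base"}           # -> "p5" (or empty)
    plevel=${plevel#p}            # -> "5"
    major=$(printf '%s' "$base" | cut -d. -f1)
    minor=$(printf '%s' "$base" | cut -s -d. -f2)
    patch=$(printf '%s' "$base" | cut -s -d. -f3)
    printf '%d%02d%02d%02d\n' "${major:-0}" "${minor:-0}" "${patch:-0}" "${plevel:-0}"
}

# Exit 0 if the version lies in [1.9.14, 1.9.17], 1 otherwise.
sudo_version_affected() {
    key=$(version_key "$1")
    [ "$key" -ge "$(version_key 1.9.14)" ] && [ "$key" -le "$(version_key 1.9.17)" ]
}

# Pull the bare version out of `sudo --version` output, whose first line is
# assumed to read "Sudo version X.Y.Z" or "Sudo version X.Y.ZpN".
parse_sudo_version() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.]*p*[0-9]*\).*/\1/p' | head -n 1
}

# Stand-alone run: report on the sudo installed on this host, if any.
if command -v sudo >/dev/null 2>&1; then
    installed=$(parse_sudo_version "$(sudo --version 2>/dev/null)")
    if sudo_version_affected "$installed"; then
        echo "sudo $installed is inside the upstream range 1.9.14-1.9.17; check the vendor's package changelog"
    else
        echo "sudo $installed is outside the upstream range 1.9.14-1.9.17"
    fi
fi
```

Distributions routinely backport fixes without changing the upstream version number, so a match here only says the installed version is inside the upstream range; the vendor's package changelog or advisory is the authority on whether a given package is patched.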