The vulnerability, with a critical CVSS score of 9.3 out of 10, affects Sudo versions 1.9.14 through 1.9.17, and Stratascale researchers said they verified exploitation on Ubuntu 24.04.1 and Fedora 41 Server.
“CVE-2025-32463 involves a local privilege escalation vector that doesn’t require the user to be in the sudoers file,” said Marc England, security advisor at Black Duck. “My only question would be, when it comes to components such as infrastructure, how many of them are using Ubuntu 24.04? Much of the time, with Ubuntu 22.04 LTS having support through to 2027, it will be far more common in most environments, as there isn’t always a rush to update to a new OS when the current one is still stable and supported.”
England thinks many admins could be in the clear, as he believes most would be using Sudo version 1.9.9, which is not vulnerable, since it is the latest package supported on Ubuntu 22.04.
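As an added defender-side check (not code from the article, Stratascale or the Sudo project), the POSIX shell script below classifies a sudo version string against the affected range the article names, 1.9.14 through 1.9.17. It assumes upstream's 1.9.17p1 is the fixed release, and it treats a hit as a prompt to read the package changelog, because distributions such as Ubuntu routinely backport fixes without changing the version string.

```shell
#!/bin/sh
# Added example (not from the article): classify a sudo version against the
# CVE-2025-32463 affected range 1.9.14 through 1.9.17. Assumes upstream
# 1.9.17p1 is the fixed release. Distributions often backport the fix without
# changing the version string, so "in affected range" here means "confirm
# against the package changelog", not "confirmed vulnerable".

# Split "1.9.15p5" into "major minor patch plevel"; plevel defaults to 0.
parse_sudo_version() {
    ver=$1
    base=${ver%%p*}
    plevel=0
    case $ver in *p*) plevel=${ver##*p} ;; esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # handle "1.9" with no patch number
    echo "$major $minor $patch $plevel"
}

# Exit status 0 when the version lies in 1.9.14 .. 1.9.17 without the p1 fix.
sudo_is_vulnerable() {
    set -- $(parse_sudo_version "$1")
    [ "$1" -eq 1 ] && [ "$2" -eq 9 ] || return 1
    [ "$3" -ge 14 ] && [ "$3" -le 17 ] || return 1
    # 1.9.17p1 and later patch levels of 1.9.17 carry the fix
    if [ "$3" -eq 17 ] && [ "$4" -ge 1 ]; then return 1; fi
    return 0
}

# Pull the version out of `sudo --version` output ("Sudo version 1.9.15p5").
sudo_version_from_output() {
    printf '%s\n' "$1" | awk '/^Sudo version/ { print $3; exit }'
}

# Constructed sample in the format `sudo --version` prints (not captured live).
SAMPLE_OUTPUT='Sudo version 1.9.15p5
Sudoers policy plugin version 1.9.15p5'

for v in $(sudo_version_from_output "$SAMPLE_OUTPUT") 1.9.9 1.9.14 1.9.17 1.9.17p1; do
    if sudo_is_vulnerable "$v"; then
        printf '%-10s in affected range - check package changelog for a backport\n' "$v"
    else
        printf '%-10s outside affected range\n' "$v"
    fi
done
```

On a live host, replace SAMPLE_OUTPUT with `$(sudo --version)`; the 1.9.9 case shows why the article's Ubuntu 22.04 point holds, and the 1.9.17p1 case shows the fixed upstream release being excluded.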