SUDO CVE-2025-32462 and CVE-2025-32463

A vulnerability was recently discovered in sudo. It allows a local user to bypass the password and gain root access to your system. Here’s a link to just one article that describes the issue. Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros.

The fix for this issue has been released in sudo version 1.9.17p1. However, Fedora and a couple of other distributions have not updated to this version as yet. Here is a discussion on Fedora’s website. CVE-2025-32463 vulnerability mitigation - Fedora Discussion.

I began picking up on some news of this topic a few weeks ago, but never paid attention to it. I just checked that my version of sudo on Fedora is 1.9.15p5. I haven’t panicked but it did raise my heartbeat a couple of levels.

Were you aware of this vulnerability? What are your plans to mitigate it?

3 Likes

Thanks @shybry747, I was not aware of this. I’ve not been checking my subscribed alerts since Tuesday of last week. So of course this would happen now.

I’m going to read that page you linked to and then see what I need to do.

Thanks a ton for sharing this.

I have realized that some tech news websites are making a huge deal out of this. One website says this has been a huge risk since 2013. They also mentioned all major distros are affected.

Although this vulnerability is serious, I am getting the sense from one or two experienced bloggers that first, the perpetrator would have to get access to your user account before they can elevate themselves to root using the sudo weakness.

Therefore I would think one way to mitigate this threat is to make sure that your computer does not use an automatic login, and that your password is strong.

1 Like

I’m back out to work and had a closer look. Yes, exploiting these vulnerabilities requires the attacker to already have some level of sudo access or be a local user with sudo privileges.

Also see: Stable Release | Sudo

Ubuntu: CVE-2025-32462 | Ubuntu / CVE-2025-32463 | Ubuntu
Fedora/RHEL: FEDORA-2025-44c3b13554 — security update for sudo — Fedora Updates System / cve-details
Arch: Commits · main · Arch Linux / Packaging / Packages / sudo · GitLab
Debian: CVE-2025-32463 / CVE-2025-32462
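A local check for the version gap discussed in this thread, added here as an example (it is not from any poster or from the sudo project): it parses the installed sudo version string and compares it field by field against the upstream fixed release 1.9.17p1. The comparison tells you only where you stand relative to upstream; distributions frequently backport the fix without changing the version string, so the advisory pages listed above remain the authority on whether a given package is patched.

```shell
# Added example (not from the thread): compare the installed sudo version
# with the upstream fixed release 1.9.17p1. Being below 1.9.17p1 means
# "consult your distribution's advisory", not "definitely vulnerable",
# because distros often backport the fix without bumping the version.
FIXED_VERSION="1.9.17p1"

# Split "1.9.17p1" into four numeric fields "1 9 17 1"; a missing "pN"
# suffix counts as patch level 0 (so "1.9.17" becomes "1 9 17 0").
split_version() {
    v="$1"
    base="${v%%p*}"
    case "$v" in
        *p*) patch="${v##*p}" ;;
        *)   patch=0 ;;
    esac
    set -- $(printf '%s' "$base" | tr '.' ' ')
    printf '%s %s %s %s\n' "${1:-0}" "${2:-0}" "${3:-0}" "$patch"
}

# version_ge A B: exit 0 if A >= B, 1 otherwise (field-by-field compare).
version_ge() {
    set -- $(split_version "$1") $(split_version "$2")
    i=0
    while [ "$i" -lt 4 ]; do
        # $1 is the current field of A, $5 the matching field of B
        [ "$1" -gt "$5" ] && return 0
        [ "$1" -lt "$5" ] && return 1
        shift
        i=$((i + 1))
    done
    return 0
}

# Read the version from "Sudo version X.Y.ZpN" (first line of sudo --version).
installed_sudo_version() {
    sudo --version 2>/dev/null | awk 'NR == 1 { print $3 }'
}

report_sudo_status() {
    v="$(installed_sudo_version)"
    if [ -z "$v" ]; then
        echo "sudo not found or its version could not be read"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "sudo $v is at or above upstream fix $FIXED_VERSION"
    else
        echo "sudo $v predates upstream fix $FIXED_VERSION: check your distribution's advisory"
    fi
}

report_sudo_status
```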

Hi, thanks @shybry747 for this post.

I know vulnerabilities might be nasty, but I’m sure frequently updated distros such as Fedora will have the hotfix soon; I’m guessing one week maximum before the development team releases the update.

The only defence we have against these CVEs is keeping the system updated often. The problem would be more persistent using Ubuntu or some Debian stable derivatives, where package versions are stuck for months. (I just checked: Debian stable is currently using sudo version 1.9.13p3.)

A home user might not know anything about CVEs, so using Ubuntu will not be a daily problem for him. A professional user instead needs to update soon. In the case of Debian stable, to get the latest package version you might pull some critical updates from the sid repository when you hear about something like these CVEs.

1 Like

Also, it seems Debian and Ubuntu have already patched the CVE themselves.

In general, guys, keep in mind that system updates, especially security patches, are important and you should apply them as soon as they are available, as best maintenance practice.

2 Likes

It also helps to set up unattended security updates:

2 Likes