CVE-2025-32463 looks bad. Systems with sudo versions 1.9.14 to 1.9.17 and support for /etc/nsswitch.conf (that's most modern dists) allow users not even in sudoers to acquire root by sudo --chroot on a chroot they can write into.
I strongly believe sudo must not be installed on personal user systems. Its attack surface is far too large and that too for features no one other than enterprise is ever gonna use.
How many systems have sudo installed and how many of them are using sudoers config in LDAP or SSSD or the log collector or any of the stupid features like chroot etc.?
baobun•7mo ago
https://seclists.org/oss-sec/2025/q2/288
The --chroot flag is now deprecated. I guess there must be a few build systems affected by that.
BTW is the CSS on TFA making the text unreadably low contrast for others too?
Readable: https://www.stratascale.com/vulnerability-alert-CVE-2025-324...