sudo: sudo local privilege escalation via -h/--host argument manipulation (CVE-2025-32462) #shorts
Summary
Welcome to today’s podcast. We’re discussing CVE-2025-32462, a critical local privilege escalation vulnerability in the widely used Sudo utility. Discovered in Sudo versions before 1.9.17p1, this flaw permits authorized users to gain root privileges on unintended machines by abusing the -h/--host argument.
Product details
The vulnerability affects Sudo, authored by Todd Miller. Any deployment running a version older than 1.9.17p1, back to and including the 1.8.8 release, on Linux or macOS is affected. Sudo is installed by default on most UNIX-like systems and grants controlled root-level command execution.
Vulnerability type summary
CVE-2025-32462 is classified under CWE-863: Incorrect Authorization. The flaw matters whenever a sudoers file includes a host entry that matches neither the current host nor the special ALL token: such a rule should be inert on this machine, but the logic gap lets users bypass the host restriction.
Details of the vulnerability
When Sudo is invoked with the -h or --host switch, it evaluates the sudoers policy against the host name the user supplied instead of verifying that the policy's host entry is the local machine name or the ALL wildcard. A host entry that names some other machine is therefore not blocked, so the user can execute the commands granted for any listed host as root, including hosts they should not be able to act on from this machine. Attackers with valid sudo rights can chain this flaw into a full root shell locally. Proof-of-concept exploits emerged within days of the June 30, 2025 disclosure, and the issue is actively targeted in penetration tests.
Conclusion
To mitigate CVE-2025-32462, immediately upgrade Sudo to version 1.9.17p1 or later on all impacted systems. System administrators should audit sudoers entries to ensure host specifications are accurate. Applying this urgent patch protects against local privilege escalation and maintains the principle of least privilege across your infrastructure.
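The two defender-side checks the page calls for, the version comparison against 1.9.17p1 and the audit of sudoers host specifications, as an added example that is not part of this page or of the sudo project. The script decides whether a `sudo -V` banner falls in the affected range 1.8.8 through 1.9.17, then scans a sudoers policy for rules whose host list names something other than this machine or ALL, which are exactly the rules an unpatched sudo would have honoured locally via -h. The policy text is constructed for the demo; the parser handles only comments, backslash continuations and Host_Alias expansion, and it treats a case-insensitive exact name match as "local", which are simplifications relative to sudo's own host matching.

```python
"""Offline checks for CVE-2025-32462 (added example; not sudo project code).

  * is_affected_version(): is a `sudo -V` banner inside the affected range?
  * audit_sudoers(): which user specs grant rights for hosts other than this
    machine or ALL?  Those are the rules to review after patching.
"""
import re
from typing import Dict, Iterator, List, Tuple

FIXED_VERSION = (1, 9, 17, 1)   # 1.9.17p1, the fixed release named on the page
FIRST_AFFECTED = (1, 8, 8, 0)   # 1.8.8, the earliest version the page names


def parse_sudo_version(banner: str) -> Tuple[int, int, int, int]:
    """Turn 'Sudo version 1.9.17p1' into (1, 9, 17, 1); a missing 'pN' is 0."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError(f"no sudo version found in {banner!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_affected_version(banner: str) -> bool:
    """True when 1.8.8 <= version < 1.9.17p1."""
    return FIRST_AFFECTED <= parse_sudo_version(banner) < FIXED_VERSION


def _logical_lines(sudoers: str) -> Iterator[str]:
    """Strip '#' comments and join backslash-continued lines.
    Assumption: '#' always starts a comment, so '#include' directives are
    dropped and numeric '#uid' user specs are not modelled."""
    buf = ""
    for raw in sudoers.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""


def _split_list(text: str) -> List[str]:
    return [item.strip() for item in text.split(",") if item.strip()]


def audit_sudoers(sudoers: str, local_host: str) -> List[Dict[str, str]]:
    """One finding per (user, host) where host is neither ALL nor local_host.
    Host_Alias names are expanded; negated entries (!host) restrict rather
    than grant and are skipped.  Any other name, IP or netgroup is reported."""
    host_aliases: Dict[str, List[str]] = {}
    findings: List[Dict[str, str]] = []
    for line in _logical_lines(sudoers):
        keyword = line.split()[0]
        if keyword == "Host_Alias":
            # Host_Alias NAME = h1, h2 [: NAME2 = h3]
            for spec in line[len("Host_Alias"):].split(":"):
                name, _, members = spec.partition("=")
                host_aliases[name.strip()] = _split_list(members)
            continue
        if keyword.startswith("Defaults") or keyword.endswith("_Alias"):
            continue
        # Remaining lines should be user specs: User_List Host_List = ...
        lhs, eq, _ = line.partition("=")
        if not eq:
            continue
        parts = re.sub(r"\s*,\s*", ",", lhs).split()
        if len(parts) != 2:
            continue  # malformed, or a form this small parser does not model
        users, hosts = parts
        for host in _split_list(hosts):
            for h in host_aliases.get(host, [host]):
                if h.startswith("!") or h == "ALL" or h.lower() == local_host.lower():
                    continue
                findings.append({"user": users, "host": h, "rule": line})
    return findings


# Constructed sample policy for the demo; not taken from any real system.
SAMPLE_SUDOERS = """\
# constructed sample, not a real policy
Defaults    env_reset
Host_Alias  WEB = web1, web2
Cmnd_Alias  SERVICES = /usr/bin/systemctl
root        ALL = (ALL:ALL) ALL
alice       WEB = (ALL) SERVICES
bob         db1, \\
            localbox = (root) /usr/bin/less
carol       ALL, !web2 = (ALL) NOPASSWD: ALL
"""

if __name__ == "__main__":
    print("affected:", is_affected_version("Sudo version 1.9.16p2"))
    for f in audit_sudoers(SAMPLE_SUDOERS, local_host="localbox"):
        print(f"{f['user']} has a rule for host {f['host']!r}: {f['rule']}")
```

Run against a real system, the banner comes from `sudo -V | head -1` and the policy from /etc/sudoers plus each file under /etc/sudoers.d; every finding is a rule that belongs on another host and should either be moved there or rewritten for the local host name. The version check is the first gate: once 1.9.17p1 or later is installed, the findings are no longer reachable via -h, but they are still policy that was never meant for this machine.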
Watch the full video on YouTube: CVE-2025-32462
Remediation and exploitation details
This chain involves the following actors
- Local user: Potential attacker with a standard account
- System administrator: Defender responsible for patching and configuration
The following systems are involved
- sudo (Command-launching program that grants elevated privileges): Mediates user commands and enforces rules in the sudoers file
- Target host (Physical or virtual machine running sudo and user sessions): Execution environment where privilege escalation occurs
Attack entry point
- Host argument: The -h or --host option in sudo that names the machine where a command should run
Remediation actions
- Upgrade sudo to version 1.9.17p1 or later on every affected system
- Audit /etc/sudoers and /etc/sudoers.d/* so that host specifications are accurate and rules written for other hosts are not present where they could be invoked
Exploitation actions
Configuration enumeration
- grep -E 'Host_Name' /etc/sudoers /etc/sudoers.d/*
Argument manipulation
- sudo -h remotehost id
Bypass of host restriction
- whoami
- id
Local privilege escalation
- sudo -h remotehost /bin/bash
Related Content
NOTE: The following related content has not been vetted and may be unsafe.
- https://www.sudo.ws/security/advisories/
- https://www.sudo.ws/releases/changelog/
- https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
- https://www.openwall.com/lists/oss-security/2025/06/30/2
- [2025-06-30] A critical vulnerability in Todd Miller's sudo version 1.9.17 allows for local privilege escalation via manipulation of the -h/--host argument.
- [2025-07-02] Article discusses the resolution of Sudo LPE vulnerabilities CVE-2025-32462 and CVE-2025-32463, recommending updates on Linux and macOS systems.
- [2025-07-02] New local privilege escalation vulnerabilities, CVE-2025-32462 and CVE-2025-32463, have been identified in the Sudo software, affecting Linux systems.
- [2025-07-01] Urgent update needed for Sudo utility to patch local privilege escalation vulnerabilities