Close Menu
TechurzTechurz
    What's Hot

    Builders Stage agenda revealed for Disrupt 2026

    July 1, 2026

    Startup Battlefield Australia application closes in days: Apply before July 6

    June 30, 2026

    Acti puts AI agents directly into your smartphone keyboard

    June 30, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Builders Stage agenda revealed for Disrupt 2026
    • Startup Battlefield Australia application closes in days: Apply before July 6
    • Acti puts AI agents directly into your smartphone keyboard
    • The DeepMind trio who built a poker AI are now making money for quant hedge funds
    • Nvidia competitor Etched hits $5B valuation, $1B in sales for AI chip
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Cyber Reality - CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
    Cyber Reality

    CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

    TechurzBy TechurzSeptember 30, 2025Updated:May 10, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Critical Sudo Flaw
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Sep 30, 2025Ravie LakshmananVulnerability / Linux

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

    The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to 1.9.17p1. It was disclosed by Stratascale researcher Rich Mirch back in July 2025.

    “Sudo contains an inclusion of functionality from an untrusted control sphere vulnerability,” CISA said. “This vulnerability could allow a local attacker to leverage sudo’s -R (–chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.”

    It’s currently not known how the shortcoming is being exploited in real-world attacks, and who may be behind such efforts. Also added to the KEV catalog are four other flaws –

    • CVE-2021-21311 – Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. (Disclosed as exploited by Google Mandiant in May 2022 by a threat actor called UNC2903 to target AWS IMDS setups)
    • CVE-2025-20352 – Cisco IOS and IOS XE contain a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. (Disclosed as exploited by Cisco last week)
    • CVE-2025-10035 – Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. (Disclosed as exploited by watchTowr Labs last week)
    • CVE-2025-59689 – Libraesva Email Security Gateway (ESG) contains a command injection vulnerability that allows command injection via a compressed email attachment. (Disclosed as exploited by Libraesva last week)

    In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies relying on the affected products are advised to apply the necessary mitigations by October 20, 2025, to secure their networks.

    actively alarm CISA Critical exploited flaw Linux sounds Sudo systems Unix
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleWhy I put my Bose QuietComfort headphones away soon after testing this competitor
    Next Article Should you spend $100 on a mouse? I found one that’s a game-changer at work
    Techurz
    • Website

    Related Posts

    Cyber Reality

    Digital Identity Protection: 7 Hidden Risks Most Users Miss

    May 25, 2026
    Cyber Reality

    Neural Data Policy: 7 Risks That Brain Privacy Laws Miss

    May 25, 2026
    Cyber Reality

    How AI Changing Cyber Crime: 7 Critical Shifts to Watch

    May 25, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622

    Future of Digital Privacy and Security: 7 Truths Nobody Tells You

    May 25, 202619
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.