The vulnerability, which carries a critical CVSS score of 9.3 out of 10, affects Sudo versions 1.9.14 through 1.9.17. Stratascale researchers said they verified exploitation on Ubuntu 24.04.1 and Fedora 41 Server.
"CVE-2025-32463 involves a local privilege escalation vector that doesn't require the user to be in the sudoers file," said Marc England, security consultant at Black Duck. "My only question would be, when it comes to elements such as infrastructure, how many of them are using Ubuntu 24.04? A lot of the time, with Ubuntu 22.04 LTS having support through to 2027, it would be far more common in most environments as there isn't always a rush to update to a new OS since the current one is still stable and supported."
England thinks many admins could be in the clear, since he believes most would still be running Sudo version 1.9.9, which is not in the affected range and is the latest package available for Ubuntu 22.04.
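The practical question the article raises is whether a given host's Sudo falls inside the affected range, so the following is an added example (not code from the article, from Stratascale, or from the Sudo project) that parses `sudo --version` output and compares it against the 1.9.14 through 1.9.17 range the article states. Two assumptions are built in and labelled in the code: the sample version strings are constructed for illustration rather than taken from real hosts, and a patch-level release numbered above 1.9.17 (for example a hypothetical `1.9.17p1`) is treated as outside the stated range, because the article does not name the fixed release.

```python
"""Check a Sudo version string against the range the article gives for CVE-2025-32463.

Added example, not from the article or the Sudo project.  The affected range
(1.9.14 through 1.9.17, inclusive) is the only fact taken from the page.
"""
import re
import shutil
import subprocess

# Affected range as the article states it, encoded as (major, minor, patch, plevel).
# ASSUMPTION: a patch-level release such as 1.9.17p1 compares greater than
# 1.9.17 and therefore lands outside the range; the article does not name the
# fixed release, so verify that against the vendor advisory.
AFFECTED_MIN = (1, 9, 14, 0)
AFFECTED_MAX = (1, 9, 17, 0)

# `sudo --version` prints "Sudo version X.Y.Z" or "Sudo version X.Y.ZpN" on its first line.
_VERSION_RE = re.compile(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

# Constructed sample outputs for offline use; these are NOT captures from real hosts.
SAMPLE_OUTPUTS = {
    "below_range_1.9.9": "Sudo version 1.9.9\nSudoers policy plugin version 1.9.9\n",
    "in_range_1.9.15p5": "Sudo version 1.9.15p5\nSudoers policy plugin version 1.9.15p5\n",
    "upper_bound_1.9.17": "Sudo version 1.9.17\n",
    "above_range_1.9.17p1": "Sudo version 1.9.17p1\n",
    "unparseable": "sudo: command not found\n",
}


def parse_sudo_version(text):
    """Return (major, minor, patch, plevel) parsed from `sudo --version` output, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, patch, plevel = match.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_in_affected_range(version):
    """True when the tuple lies within 1.9.14 through 1.9.17 inclusive."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def classify(text):
    """Map raw `sudo --version` output to 'affected', 'not affected' or 'unknown'."""
    version = parse_sudo_version(text)
    if version is None:
        return "unknown"
    return "affected" if is_in_affected_range(version) else "not affected"


def classify_samples():
    """Run the classifier over the constructed samples; returns {label: verdict}."""
    return {label: classify(output) for label, output in SAMPLE_OUTPUTS.items()}


def classify_local_host():
    """Run the real `sudo --version` if sudo is on PATH; returns a verdict string."""
    if shutil.which("sudo") is None:
        return "unknown"
    proc = subprocess.run(["sudo", "--version"], capture_output=True, text=True, check=False)
    return classify(proc.stdout)


if __name__ == "__main__":
    for label, verdict in classify_samples().items():
        print(f"{label:24s} {verdict}")
    print(f"{'this host':24s} {classify_local_host()}")
```

One caveat for distribution packages: Debian, Ubuntu and Fedora routinely backport fixes into the existing upstream version and bump only the package revision, so a host can report an in-range upstream version string after the distribution has patched it. Treat "affected" from this check as a prompt to consult the package changelog or the distribution's advisory for the package revision you have installed, not as a final verdict.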

