{"id":7195,"date":"2025-09-30T08:20:36","date_gmt":"2025-09-30T08:20:36","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=7195"},"modified":"2025-09-30T08:20:36","modified_gmt":"2025-09-30T08:20:36","slug":"cisa-sounds-alarm-on-important-sudo-flaw-actively-exploited-in-linux-and-unix-techniques","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=7195","title":{"rendered":"CISA Sounds Alarm on Important Sudo Flaw Actively Exploited in Linux and Unix Techniques"},"content":{"rendered":"


\n<\/p>\n

\n

\ue802<\/i>Sep 30, 2025<\/span>\ue804<\/i>Ravie Lakshmanan<\/span><\/span>Vulnerability \/ Linux<\/span><\/p>\n<\/div>\n

\n
\"Critical<\/a><\/div>\n

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Monday added<\/a> a crucial safety flaw impacting the Sudo command-line utility for Linux and Unix-like working techniques to its Identified Exploited Vulnerabilities (KEV<\/a>) catalog, citing proof of energetic exploitation within the wild.<\/p>\n

The vulnerability in query is CVE-2025-32463 (CVSS rating: 9.3), which impacts Sudo variations previous to 1.9.17p1. It was disclosed<\/a> by Stratascale researcher Wealthy Mirch again in July 2025.<\/p>\n

“Sudo incorporates an inclusion of performance from an untrusted management sphere vulnerability,” CISA stated. “This vulnerability may permit an area attacker to leverage sudo’s -R (–chroot) choice to run arbitrary instructions as root, even when they aren’t listed within the sudoers file.”<\/p>\n

\"CIS<\/a><\/center><\/div>\n

It is presently not identified how the shortcoming is being exploited in real-world assaults, and who could also be behind such efforts. Additionally added to the KEV catalog are 4 different flaws –<\/p>\n