michael.reber/CVE-2025-32463-POC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
17 Commits 1 Branch 0 Tags
main
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
opscur cd92792267 Update README.md
2026-02-17 20:12:13 +01:00
CVE-2025-32463.sh
Update CVE-2025-32463.sh
2026-02-06 23:33:30 +01:00
LICENSE
Update LICENSE
2025-08-07 06:01:40 +02:00
README.md
Update README.md
2026-02-17 20:12:13 +01:00

README.md

CVE-2025-32463 - sudo Local Privilege Escalation (PoC)

MIT License PoC Visitors

⚠️ This repository contains a Proof of Concept (PoC) exploit for CVE-2025-32463
Intended only for educational purposes and use in authorized environments.

🧠 About the Vulnerability

CVE-2025-32463 is a local privilege escalation vulnerability affecting sudo versions 1.9.14 to 1.9.17.

The flaw resides in the way sudo handles the --chroot (-R) option introduced in 1.9.14. It allows an unprivileged user to craft a fake nsswitch.conf inside a controlled chroot path, forcing sudo (running as root) to load an arbitrary NSS library and execute code as root.

Affected Versions

  • sudo ≥ 1.9.14 and < 1.9.17p1
  • Unaffected:
    • Versions < 1.9.14 (feature not present)
    • Versions ≥ 1.9.17p1 (vulnerability patched)

🚩 Requirements

  • A vulnerable version of sudo (see above)
  • gcc installed
  • The user can run sudo -R with an arbitrary directory (some setups restrict this)

🚀 Exploit Steps

  1. Clone this repository or just download the script
  2. Run the PoC script:

chmod +x CVE-2025-32463.sh && ./CVE-2025-32463.sh

📚 References

Reference in New Issue View Git Blame Copy Permalink
Description
🛡️ Proof of Concept (PoC) for CVE-2025-32463 — Local privilege escalation in sudo (versions 1.9.14 to 1.9.17). This exploit abuses the --chroot option and a malicious nsswitch.conf to execute arbitrary code as root. ⚠️ For educational and authorized testing only.
Readme MIT 46 KiB
Languages
Shell 100%