Yesterday, while I was putting the final touches on LTM Monthly Newsletter 25.01, specifically its Cyberwatch section, and was almost ready to hit the send (and publish) button, I got news of two very serious vulnerabilities in the sudo utility you use frequently—if not daily—in your terminal: CVE‑2025‑32462 and CVE‑2025‑32463.
This should spark two questions in your mind: What do these two sudo flaws offer attackers? And what should you do to protect your Linux system?
While I already highlighted the answers in the last LTM newsletter issue, I believe such an important event deserves a dedicated post. So without further ado, let’s dive in.
⚠️ Root Was at Risk: Sudo Privilege Escalation Flaws
The CVE‑2025‑32462 and CVE‑2025‑32463 vulnerabilities—let’s call them sudo local privilege escalation (LPE) flaws—allow any local unprivileged user (someone without administrative permissions and not in the sudoers group) to run code as root. This provides a golden (or even platinum) opportunity for attackers (or hackers, if you prefer) to gain full control of your system. All they need is local access, which they can achieve through SSH, malware (yes, Linux has malware—not as much as Windows, but it exists), or a malicious account.
If your brain hasn’t registered the danger yet, let me be clear: these flaws can be exploited by hackers to gain full control of your system. This is extremely dangerous, and I hope it motivates you to take the appropriate actions listed below.

🛡️ What You Should Do to Protect Your System
When flaws with such high severity are discovered, they usually get patched quickly—often the same day—by most Linux distributions. I can confirm that both vulnerabilities are patched in the latest version of sudo (1.9.17p1, released on June 30, 2025) and are already patched on Ubuntu, Debian, openSUSE, and Arch. Surprisingly, they are not yet patched on Fedora (as of this writing, the patch is planned for July 3, 2025, but I don’t know the reason for the delay).
Therefore, keeping your system updated is not optional; it’s a fundamental practice.
I know your brain now sees the danger, but remember: there are always flaws out there that attackers know about and might already be using in their malicious activities—long before they’re discovered or patched. It’s a reality we need to live with unless we plan to ditch the internet (not impossible, and maybe life would be better without it, who knows?). But for now, come back, open your terminal, and take action:
🚨 Urgently Update All Your Systems
- For Arch:
sudo pacman -Syu
- For Fedora:
sudo dnf update
- For openSUSE:
sudo zypper up
- For Ubuntu:
sudo apt update && sudo apt upgrade
🚨 Audit Recent sudo Usage for Suspicious Activity
sudo journalctl _COMM=sudo
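
An added example, not part of the original article: a small shell function that triages the journal output from the command above. It assumes the default journalctl line format and takes the expected sudo users as a comma-separated list (for instance the members of the sudo or wheel group); the function names, tags and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): triage sudo journal lines.
# Live use, with the admin group of your distribution ("sudo" or "wheel"):
#   sudo journalctl _COMM=sudo | sudo_audit "$(getent group sudo | cut -d: -f4)"

# sudo_audit ALLOWED  -- ALLOWED is a comma-separated list of expected sudo users.
# Reads journal lines on stdin and prints one "TAG user=... command=..." line per
# denial, password failure, or accepted command run by a user outside ALLOWED.
sudo_audit() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # sudo event lines: "<prefix> sudo[PID]:   USER : field ; ... ; COMMAND=..."
    match($0, /sudo(\[[0-9]+\])?: +[^ ]+ : /) {
        user = substr($0, RSTART, RLENGTH)
        sub(/^sudo(\[[0-9]+\])?: +/, "", user); sub(/ : $/, "", user)
        detail = substr($0, RSTART + RLENGTH)
        if (detail ~ /^user NOT in sudoers/)             tag = "DENIED-NOT-IN-SUDOERS"
        else if (detail ~ /^command not allowed/)        tag = "DENIED-COMMAND"
        else if (detail ~ /incorrect password attempt/)  tag = "AUTH-FAILURE"
        else if (!(user in ok))                          tag = "UNEXPECTED-USER"
        else next   # accepted command by an expected admin: not flagged
        cmd = detail; sub(/.*COMMAND=/, "", cmd)
        printf "%s user=%s command=%s\n", tag, user, cmd
    }'
}

# Constructed sample lines (not real logs) in the default journalctl format.
sample_journal() {
    cat <<'EOF'
Jul 01 10:02:11 host sudo[1234]:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Jul 01 10:02:11 host sudo[1234]: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)
Jul 01 10:05:40 host sudo[1301]:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jul 01 10:09:03 host sudo[1377]:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/id
Jul 01 10:12:57 host sudo[1402]:     dave : TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/id
EOF
}

# Demo run on the constructed sample: alice and carol are the expected admins.
sample_journal | sudo_audit "alice,carol"
```

Accounts that are granted rights directly in sudoers rather than through the group will be tagged UNEXPECTED-USER, so add them to the list if they are legitimate.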

🚨 Restrict sudo Access for Untrusted Users

Check who has sudo access:
- On Debian/Ubuntu:
sudo getent group sudo
- On Fedora/Arch:
sudo getent group wheel
If you find someone who shouldn’t be there, remove them:
- On Debian/Ubuntu:
sudo deluser username sudo
- On Fedora/Arch:
sudo gpasswd -d username wheel
Limit sudo privileges to trusted accounts only until all systems are patched (we’re still waiting for Fedora). This will help you stay safe from these vulnerabilities. Remember: reducing risk, even a little, is better than ignoring it and regretting it later.
💬 Do you know of any other unpatched flaws? How frequently do you update your system?