I believe this was the top headline in today’s Cyberwire Daily podcast which I did not hear, as of yet. But it is the top story right now on Bleeping computer.
It seems this is a vulnerability that has a CVSS score of 9.3, dating all the way back to either June or July of this year.
This has been added to the known exploite catalogue link to kev if you wish to take a look at it.
Federal agencies have until October 20, 2025 to fix the flaw.
As discussed again on Livewire, the government is telling us, the civilians to fix vulnerabilities quickly, but yet, they have unpatched software. I don’t understand this logic, and that’s what makes this very difficult to understand.
Sudo (“superuser do”) allows system administrators to delegate their authority to certain unprivileged users while logging the executed commands and their arguments.
Officially disclosed on June 30, CVE-2025-32463 affects sudo versions 1.9.14 through 1.9.17 and has received a critical severity score of 9.3 out of 10.
The article continues:
Rich Mirch, a researcher at cybersecurity services company Stratascale who discovered CVE-2025-32463, noted that the issue impacts the default sudo configuration and can be exploited without any predefined rules for the user.
On July 4, Mirch released a proof-of-concept exploit for the CVE-2025-32463 flaw, which has existed since June 2023 with the release of version 1.9.14.
However, additional exploits have circulated publicly since July 1, likely derived from the technical write-up.
This should probably not surprise most, which is why I put above that it was probably june or july, as both sets of info is provided within the article as such.
Would you like to read the entire write up so you can see if you’re affected?
CISA warns of critical Linux Sudo flaw exploited in attacks is going to be the article if you wish to do so.
Thanks so much for listening, and make it a great day! We’re glad to be back trying to give you some news that might be of value to the community. Its been a long time.
Thanks for reading, make it a great day.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.