Several major Linux distros hit by serious Sudo security flaws


Two vulnerabilities were recently spotted in various Linux distributions which, when chained together, allow local attackers to escalate their privileges and thus run arbitrary files.

The vulnerabilities are tracked as CVE-2025-32462 (severity score 2.8/10 – low severity), and CVE-2025-32463 (severity score 9.3/10 critical), and were found in the Sudo command-line utility for Linux and other Unix-like operating systems. All versions before 1.9.17p1 were said to be vulnerable, with Rich Mirch, the Stratascale researcher who found the flaws, saying they were lingering for more than a decade before being discovered.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber secnews and insights delivered right to your inbox.


Related:

  • Newely discovered AMD CPU flaw highlights the risk of running multiple VMs

    January 16, 2026

    A newly discovered vulnerability in AMD chips allows malicious actors to perform remote code execution (RCE) and privilege escalation in virtual machines. Cybersecurity researchers from the CISPA Helmholtz Center for Information Security in Germany detailed a vulnerability they named StackWarp, a hardware vulnerability in AMD CPUs that breaks the protections of confidential virtual machines, by manipulating ...

  • RondoDox botnet linked to large-scale exploit of critical HPE OneView bug

    January 16, 2026

    A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet. The security outfit says it has identified “large-scale exploitation” of CVE-2025-37164, a maximum-severity remote code execution bug in HPE’s data center management platform. Check Point has tied the activity to RondoDox, a Linux-based botnet ...

  • WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping

    January 16, 2026

    WhisperPair is a set of attacks that lets an attacker hijack many popular Bluetooth audio accessories that use Google Fast Pair and, in some cases, even track their location via Google’s Find Hub network—all without requiring any user interaction. Researchers at the Belgian University of Leuven revealed a collection of vulnerabilities they found in audio accessories ...

  • Cisco has finally patched a maximum-level security issue

    January 16, 2026

    A maximum-severity vulnerability in certain Cisco products has finally been addressed after allegedly being exploited by Chinese hackers for several weeks. In mid-December 2025, the networking giant disclosed a remote code execution (RCE) vulnerability in AsyncOS that affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. It tracked the flaw as CVE-2025-20393 ...

  • “Reprompt” attack lets attackers steal data from Microsoft Copilot

    January 15, 2026

    Researchers found a method to steal data which bypasses Microsoft Copilot’s built-in safety mechanisms. The attack flow, called Reprompt, abuses how Microsoft Copilot handled URL parameters in order to hijack a user’s existing Copilot Personal session. Copilot is an AI assistant which connects to a personal account and is integrated into Windows, the Edge browser, and ...

  • Patch Tuesday – January 2026

    January 14, 2026

    Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today’s menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code execution or elevation of privilege vulnerabilities. So far this month, Microsoft has already provided patches to ...