Several major Linux distros hit by serious Sudo security flaws


Two vulnerabilities were recently spotted in various Linux distributions which, when chained together, allow local attackers to escalate their privileges and thus run arbitrary files.

The vulnerabilities are tracked as CVE-2025-32462 (severity score 2.8/10 – low severity), and CVE-2025-32463 (severity score 9.3/10 critical), and were found in the Sudo command-line utility for Linux and other Unix-like operating systems. All versions before 1.9.17p1 were said to be vulnerable, with Rich Mirch, the Stratascale researcher who found the flaws, saying they were lingering for more than a decade before being discovered.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber secnews and insights delivered right to your inbox.


Related:

  • CMS Sitecore patches critical zero-day flaw

    September 5, 2025

    Popular CMS platform Sitecore has patched a critical zero-day vulnerability found to be being abused in cyberattacks. Security researchers from Mandiant observed threat actors exploiting a zero-day flaw to deploy malware, as well as other legitimate software. The flaw stemmed from the use of sample ASP.NET machine keys published in old deployment guides (pre-2017), and is ...

  • Palo Alto Networks becomes the latest to confirm it was hit by Salesloft Drift attack

    September 3, 2025

    The Salesloft Drift incident is quickly turning into the next MOVEit MFT fiasco, as yet another company confirms losing sensitive data in the third-party attack. This time around, it is the American multinational cybersecurity company Palo Alto Networks that confirmed losing customer data and support cases information in the breach. It all began with the sales ...

  • Google warns Gmail users to change passwords after data breach

    September 3, 2025

    Google is warning about 2.5 billion Gmail users to change their passwords or install a passkey following a data breach that has led to a surge in “phishing” email attacks. The data breach that prompted the warning reportedly happened at a Salesforce database that Google uses internally. The compromised information included basic business contact information such ...

  • Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust

    September 3, 2025

    Palo Alto Unit 42 research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse. Hugging Face is a platform ...

  • Hackers are now hiding malware in the images served up by LLMs

    August 31, 2025

    As AI tools become more integrated into daily work, the security risks attached to them are also evolving in new directions. Researchers at Trail of Bits have demonstrated a method where malicious prompts are hidden inside images and then revealed during processing by large language models. The technique takes advantage of how AI platforms downscale images ...

  • WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware

    August 29, 2025

    WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of “specific targeted users.” The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate ...