How to fix EUVD-2025-19673?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

Is Ubuntu affected by EUVD-2025-19673?

Organizations using Sudo before 1.9.17p1 face critical risk from CVE-2025-32463 rated CVSS 9.3. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

EUVD-2025-19673

| CVE-2025-32463 CRITICAL

2025-06-30 [email protected]

9.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 16, 2026 - 01:25 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 01:25 euvd

EUVD-2025-19673

Added to CISA KEV

Nov 05, 2025 - 19:26 cisa

CISA KEV

PoC Detected

Nov 05, 2025 - 19:26 vuln.today

Public exploit code

CVE Published

Jun 30, 2025 - 21:15 nvd

CRITICAL 9.3

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Analysis

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot option, which loads /etc/nsswitch.conf from the user-controlled chroot directory instead of the host system. KEV-listed with EPSS 26.5% and public PoC, this vulnerability allows any user with sudo --chroot access to achieve root privileges by placing a malicious nsswitch configuration and library in their chroot.

Technical Context

When sudo processes a command with --chroot, it changes the filesystem root before resolving NSS (Name Service Switch) modules. Because /etc/nsswitch.conf and the NSS libraries are loaded from the user-controlled chroot directory, an attacker can place a malicious nsswitch.conf that points to a crafted shared library. Sudo (running as root) loads this library, executing attacker-controlled code with root privileges. The vulnerability requires the user to have sudoers permission to use --chroot, but in environments where this is permitted, it's trivially exploitable.

Affected Products

['Sudo before 1.9.17p1']

Remediation

Upgrade sudo to 1.9.17p1 or later. If unable to upgrade, remove --chroot permission from sudoers entries. Audit sudoers configuration for --chroot usage. Check for exploitation indicators in sudo logs.

Priority Score

143

Low Medium High Critical

KEV: +50

EPSS: +26.5

CVSS: +46

POC: +20

Vendor Status

Ubuntu

Priority: High

sudo

Release	Status	Version
trusty	not-affected	code not present
xenial	not-affected	code not present
bionic	not-affected	code not present
focal	not-affected	code not present
jammy	not-affected	code not present
noble	released	1.9.15p5-3ubuntu5.24.04.1
oracular	released	1.9.15p5-3ubuntu5.24.10.1
plucky	released	1.9.16p2-1ubuntu1.1
upstream	pending	1.9.17p1,1.9.16p2-3

USN-7604-1

Debian

sudo

Release	Status	Fixed Version	Urgency
bullseye	not-affected	-	-
bullseye (security)	fixed	1.9.5p2-3+deb11u3	-
bookworm	not-affected	-	-
bookworm (security)	fixed	1.9.13p3-1+deb12u2	-
trixie	fixed	1.9.16p2-3+deb13u1	-
forky, sid	fixed	1.9.17p2-4	-
(unstable)	fixed	1.9.16p2-3	-

EUVD-2025-19673 vulnerability details – vuln.today

Back

EUVD-2025-19673

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-19673

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code