An attacker can leverage sudo’s -R
(--chroot
) option to run
arbitrary commands as root, even if they are not listed in the
sudoers file.
Sudo versions 1.9.14 to 1.9.17 inclusive are affected.
This vulnerability has been assigned CVE-2025-32463 in the Common Vulnerabilities and Exposures database.
... ➦