{"id":348835,"date":"2025-09-30T06:40:00","date_gmt":"2025-09-30T13:40:00","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/es\/?p=397472"},"modified":"2025-09-30T07:10:28","modified_gmt":"2025-09-30T14:10:28","slug":"linux-has-a-critical-vulnerability-even-if-no-one-really-knows-how-it-is-being-exploited","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/linux-has-a-critical-vulnerability-even-if-no-one-really-knows-how-it-is-being-exploited\/","title":{"rendered":"Linux has a critical vulnerability, even if no one really knows how it is being exploited"},"content":{"rendered":"\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added the vulnerability CVE-2025-32463 to its catalog of Known Exploited Vulnerabilities (KEV). This critical flaw affects Sudo versions prior to 1.9.17p1 and has a CVSS score of 9.3, placing it in the high severity category<\/strong>. The first alerts about this vulnerability were issued in July 2025 by researcher Rich Mirch from Stratascale.<\/p>\n\n\n

A very serious vulnerability to fix<\/h2>\n\n\n

CISA warns that this vulnerability can be exploited by local attackers to execute arbitrary commands with root privileges, taking advantage of the -R (–chroot) option of Sudo, even if such commands are not listed in the sudoers file<\/strong>. This makes it a potentially devastating attack vector for systems that rely on Sudo for privilege management.<\/p>\n\n\n

According to recent reports, there is evidence of active exploitation of this vulnerability in the real world, although the exact details of how these attacks are being carried out and who is responsible have not yet been clarified<\/strong>. This lack of information may indicate the urgency with which system administrators must act to mitigate the risk.<\/p>\n\n\n

\n