来源

关联漏洞

描述

🛡️ Proof of Concept (PoC) for CVE-2025-32463 — Local privilege escalation in sudo (versions 1.9.14 to 1.9.17). This exploit abuses the --chroot option and a malicious nsswitch.conf to execute arbitrary code as root. ⚠️ For educational and authorized testing only.

介绍

# CVE-2025-32463 - sudo Local Privilege Escalation (PoC)

![MIT License](https://img.shields.io/badge/license-MIT-green)
![PoC](https://img.shields.io/badge/status-proof--of--concept-blue)
![Visitors](https://visitor-badge.laobi.icu/badge?page_id=cyberpoul.CVE-2025-32463-POC)

> ⚠️ **This repository contains a Proof of Concept (PoC) exploit for CVE-2025-32463**  
> Intended **only for educational purposes** and use in **authorized environments**.



---

## 🧠 About the Vulnerability

**CVE-2025-32463** is a local privilege escalation vulnerability affecting `sudo` versions **1.9.14 to 1.9.17**.

The flaw resides in the way `sudo` handles the `--chroot` (`-R`) option introduced in 1.9.14. It allows an unprivileged user to craft a fake `nsswitch.conf` inside a controlled chroot path, forcing `sudo` (running as root) to load an arbitrary **NSS library** and execute code as root.

---

## ✅ Affected Versions

- `sudo` **≥ 1.9.14** and **< 1.9.17p1**
- Unaffected:  
  - Versions **< 1.9.14** (feature not present)  
  - Versions **≥ 1.9.17p1** (vulnerability patched)

---

## 🚩 Requirements

- A vulnerable version of `sudo` (see above)
- `gcc` installed
- The user can run `sudo -R` with an arbitrary directory *(some setups restrict this)*

---

## 🚀 Exploit Steps

1. Clone this repository or just download the script
2. Run the PoC script:

` chmod +x CVE-2025-32463.sh && ./CVE-2025-32463.sh `

## 📚 References

- [NVD Entry – CVE-2025-32463](https://nvd.nist.gov/vuln/detail/CVE-2025-32463)
- [Sudo security advisory](https://www.sudo.ws/security/advisories)

文件快照

 [4.0K]  /data/pocs/81b4fecb3f9b385376f8f715370e420e34193539
├── [1.1K]  CVE-2025-32463.sh
├── [1.1K]  LICENSE
└── [1.6K]  README.md

0 directories, 3 files

备注