来源

关联漏洞

描述

🔓 Local privilege escalation PoC for CVE-2025-32462 (sudo -h bypass) – gain root via misconfigured sudoers

介绍

# CVE-2025-32462 – sudo -h Privilege Escalation PoC

![MIT License](https://img.shields.io/badge/license-MIT-green)
![PoC](https://img.shields.io/badge/status-proof--of--concept-blue)
![Visitors](https://visitor-badge.laobi.icu/badge?page_id=cyberpoul.CVE-2025-32462-POC)

> 🚨 Local privilege escalation exploit for `sudo` via the `-h/--host` argument  
> Affects systems with `sudo` misconfigurations allowing unintended root access.

---

## 🧠 About

This PoC demonstrates **CVE-2025-32462**, a logic flaw in `sudo` (all versions ≤ 1.9.17),  
where misuse of the `-h` option can bypass RunAs restrictions and allow unintended root command execution.

---

## 📋 Requirements

- Affected `sudo` version: **≤ 1.9.17**
- `sudoers` config includes misconfig like:

  `(ALL, !root) NOPASSWD: ALL`


## 🚀 Usage

- `chmod +x CVE-2025-32462.sh && ./CVE-2025-32462.sh`

- To test a specific command (example: whoami):
 `./CVE-2025-32462.sh whoami`
If the system is vulnerable and misconfigured, this will drop you into a root shell via `sudo -h`. To exit the root shell, type: `exit`


## 🛡️ Mitigation

- Upgrade sudo to 1.9.17p1 or later

- Restrict or disable use of the -h / --host option


## 📚 References

- [NVD Entry – CVE-2025-32462](https://nvd.nist.gov/vuln/detail/CVE-2025-32462)
- [Sudo security advisory](https://www.sudo.ws/security/advisories)

文件快照

 [4.0K]  /data/pocs/ad3c1044e74ed16c35f9c9a736b1102d21dc978c
├── [ 403]  CVE-2025-32462.sh
├── [1.1K]  LICENSE
└── [1.3K]  README.md

0 directories, 3 files

备注