# 🚨 PoC: CVE-2025-32463 – Sudo chroot Escape Vulnerability
> A critical vulnerability affecting `sudo` versions **1.9.0 to 1.9.17p1**, allowing users to escape from `chroot` and gain access to the real root filesystem.
## 📌 Description
CVE-2025-32463 is a **local privilege escalation** vulnerability in `sudo` that enables users with specific `sudoers` configurations to escape a `chroot` jail and access the host system’s root directory.
### 🔥 Impact
If your `/etc/sudoers` contains lines such as:
some_user ALL=(ALL:ALL) CHROOT=/path/to/jail /path/to/elf-binary
Then your system is potentially **vulnerable**.
## 🧪 Proof of Concept (PoC)
This repository demonstrates a working Proof of Concept to exploit the vulnerability.
> ⚠️ This PoC is for **educational and research purposes only**. Use responsibly and only in environments you own or have explicit permission to test.
### ✅ Requirements
- Vulnerable version of `sudo` (1.9.0 to 1.9.17p1)
- User with chroot sudoers configuration
- ELF binary permitted in the chroot context
### 📂 Usage
1. Clone this repository:
```bash
git clone https://github.com/your-username/CVE-2025-32463-PoC.git
cd CVE-2025-32463-PoC
chmod +x CVE-2025-32463.sh
./CVE-2025-32463.sh
Read the exploit code and adapt it as needed for your environment.
Execute the PoC under the chrooted sudo environment.
🛡️ Mitigation
To protect your systems:
- Update sudo to version 1.9.17p2 or later
- Review /etc/sudoers, especially entries involving CHROOT=
📚 References
- [Sudo Security Advisory](https://www.sudo.ws/security/advisories/)
- [CVE-2025-32463](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32463)
⚠️ Disclaimer
This project is licensed under the MIT License. This PoC is provided as-is, with no guarantees or warranties. Use at your own risk.
[4.0K] /data/pocs/f5107aec5189ac440185bbba6b3c62ceb0acc579
├── [ 637] CVE-2025-32463.sh
└── [1.9K] README.md
0 directories, 2 files