Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVSS Details
- CVSS 3.1 Base Score: 9.3
- CVSS 3.1 Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Alpine Linux | alpine-linux-upgrade-sudo | Aug 8, 2025 | Jun 30, 2025 | |
| Amazon_linux_2023 | amazon-linux-2023-upgrade-sudoamazon-linux-2023-upgrade-sudo-debuginfoamazon-linux-2023-upgrade-sudo-debugsourceamazon-linux-2023-upgrade-sudo-develamazon-linux-2023-upgrade-sudo-logsrvdamazon-linux-2023-upgrade-sudo-logsrvd-debuginfoamazon-linux-2023-upgrade-sudo-python-pluginamazon-linux-2023-upgrade-sudo-python-plugin-debuginfo | Jul 11, 2025 | Jun 30, 2025 | |
| Freebsd | freebsd-upgrade-package-sudofreebsd-upgrade-package-sudo-sssd | Jul 2, 2025 | Jul 1, 2025 | |
| Gentoo Linux | gentoo-linux-upgrade-app-admin-sudo | Jul 2, 2025 | Jun 30, 2025 | |
| Oracle_linux | — | oracle-linux-upgrade-sudooracle-linux-upgrade-sudo-python-plugin | Jul 24, 2025 | Jun 30, 2025 |
| Redhat_linux | redhat-upgrade-sudoredhat-upgrade-sudo-debuginforedhat-upgrade-sudo-debugsourceredhat-upgrade-sudo-python-pluginredhat-upgrade-sudo-python-plugin-debuginfo | Jan 27, 2026 | Jun 30, 2025 | |
| Rocky_linux | rocky-upgrade-sudorocky-upgrade-sudo-debuginforocky-upgrade-sudo-debugsourcerocky-upgrade-sudo-python-pluginrocky-upgrade-sudo-python-plugin-debuginfo | Feb 11, 2026 | Oct 3, 2025 | |
| Suse | — | suse-upgrade-sudosuse-upgrade-sudo-develsuse-upgrade-sudo-plugin-pythonsuse-upgrade-sudo-policy-sudo-auth-selfsuse-upgrade-sudo-policy-wheel-auth-selfsuse-upgrade-sudo-testsuse-upgrade-system-group-sudo | Oct 23, 2025 | Jun 30, 2025 |
| Ubuntu | ubuntu-upgrade-sudoubuntu-upgrade-sudo-ldap | Jul 1, 2025 | Jun 30, 2025 | |
| Vmware Photon_os | vmware-photon_os_update_tdnf | Jul 2, 2025 | Jun 30, 2025 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub