
Overview

  • Sudo project
  • Sudo

Published: 30 Jun 2025
Updated: 30 Jun 2025

CVSS v3.1: CRITICAL (9.3)
EPSS: Pending

KEV

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Statistics

  • 11 Posts
  • 59 Interactions

Fediverse


CVE-2025-32463: Local root exploit in sudo >= 1.9.14 (e.g. Ubuntu 24.04, etc)

Those running new enough versions of sudo, such as those on Ubuntu 24.04, should do a package update as soon as possible.

mailman.bitfolk.com/mailman/hy

  • 6
  • 1
  • 6 hours ago

i’ve been patched against CVE-2025-32463 since april 2022, actually

  • 4
  • 0
  • 15 hours ago

Maybe controversial, but I think it is bad to do this
stratascale.com/vulnerability-

  • 2
  • 6
  • 7 hours ago
New sudo LPE's just dropped:

Sudo Host Option Elevation of Privilege (CVE-2025-32462):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host

Sudo local privilege escalation via chroot option (CVE-2025-32463):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

Linking oss-security too, because researcher advisories don't like to load for me:

https://www.openwall.com/lists/oss-security/2025/06/30/2

https://www.openwall.com/lists/oss-security/2025/06/30/3
  • 14
  • 5
  • 21 hours ago

Whoa, a vulnerability in "sudo" ubuntu.com/security/CVE-2025-3

> An attacker can leverage sudo’s `-R` (`--chroot`) option to run arbitrary commands as root, even if they are not listed in the sudoers file. Sudo versions 1.9.14 to 1.9.17 inclusive are affected.

  • 1
  • 0
  • 21 hours ago

🔴 CRITICAL: CVE-2025-32463 in Sudo <1.9.17p1 lets local users escalate to root by abusing --chroot and user-controlled /etc/nsswitch.conf. Identify & patch vulnerable systems, tighten controls. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 9 hours ago

Following a recent incident, here's a reminder: #SudoConsideredHarmful

What I do use instead of #sudo? "ssh root@localhost" with keys: github.com/xtaran/sshudo and "alias sudo sshudo" or "ln -vis /usr/bin/sshudo /usr/bin/sudo".

(For those who wonder what I refer to: stratascale.com/vulnerability- and stratascale.com/vulnerability-)

#SSHudo #SSH #CVE_2025_32462 #CVE_2025_32463

  • 1
  • 1
  • Last hour

Sudo versions 1.9.14 to 1.9.17 (inclusive) have two critical vulnerabilities:
- local privilege escalation via chroot option (CVE-2025-32463) openwall.com/lists/oss-securit
- local privilege escalation via host option (CVE-2025-32462) openwall.com/lists/oss-securit

  • 0
  • 2
  • 20 hours ago

Critical vulnerability in Sudo: privilege escalation to root on Linux

A critical security flaw has been identified in the Linux utility Sudo; it allows any unprivileged local user to escalate their rights all the way to root access. Sudo versions 1.9.14 through 1.9.17 have been identified as vulnerable, tracked as CVE-2025-32463, and pose a considerable danger to Linux operating systems that use the default settings.

System administrators are therefore strongly advised to update their Sudo packages immediately, as there is no workaround for this critical vulnerability.

The security bug was found by Rich Mirch of the Stratascale Cyber Research Unit (CRU) and affects Sudo's rarely used chroot feature (-R or -chroot). This flaw is extremely dangerous because it does not require any Sudo rules to be defined for the malicious user, so it can be exploited by users without administrative permissions.

The flaw was introduced in Sudo v1.9.14 in June 2023 with updates to the command matching code used when the chroot feature is in use. The vulnerability allows unprivileged users to invoke chroot() on writable, untrusted paths under their control, which Sudo executes with root authority.

The exploitation technique involves placing a malicious /etc/nsswitch.conf file inside a controlled chroot environment, manipulating the Name Service Switch (NSS) system. This lets attackers specify custom NSS sources that map to shared object libraries (such as libnss_/woot1337.so.2), which are then loaded by Sudo with root privileges. As a result, a security breach occurs when NSS operations are triggered and the system loads the /etc/nsswitch.conf configuration from an untrusted environment.

The proof-of-concept exploit demonstrates this by creating a malicious shared object with a function that calls setreuid(0,0) and setregid(0,0) to obtain root privileges, then executes /bin/bash to provide a root shell. The exploit code shows how a simple gcc -shared -fPIC command can compile the malicious library that is loaded during Sudo's NSS operations.

Security researchers verified the vulnerability on Ubuntu 24.04.1 with Sudo 1.9.15p5 and 1.9.16p2, as well as on Fedora 41 Server with Sudo 1.9.15p5. The vulnerability affects Sudo's default configuration, making it a widespread threat that requires immediate attention. The fix is available in Sudo 1.9.17p1 or later, in which the chroot option has been deprecated and the vulnerable pivot_root() and unpivot_root() functions have been removed.

The article Critical vulnerability in Sudo: privilege escalation to root on Linux comes from il blog della sicurezza informatica.

  • 0
  • 0
  • 6 hours ago

Overview

  • Google
  • Chrome

Published: 30 Jun 2025
Updated: 30 Jun 2025

CVSS: Pending
EPSS: Pending

KEV

Description

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 6 Posts
  • 9 Interactions

Fediverse


Chrome patched a sev:HIGH CVE with an ITW exploit.

Google is aware that an exploit for CVE-2025-6554 exists in the wild.

chromereleases.googleblog.com/

  • 3
  • 2
  • 16 hours ago

Chrome in crisis: a dangerous zero-day in its V8 engine was exploited in the wild—but Google moved fast to patch it. Did your browser make it through the breach?

thedefendopsdiaries.com/unders





  • 1
  • 2
  • 2 hours ago

🚨 A new Chrome zero-day is already being exploited in the wild.

Discovered by Google TAG on June 25, CVE-2025-6554 lets attackers run malicious code via a crafted web page.

It targets Chrome’s V8 engine—again.

Update now → thehackernews.com/2025/07/goog

  • 0
  • 1
  • 3 hours ago

🔎 Chrome pre-138.0.7204.96 hit by HIGH severity type confusion (CVE-2025-6554) in V8. Remote attackers can read/write memory via malicious HTML. Patch now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 13 hours ago

Google Chrome 138.0.7204.96 / .97 fixes a security vulnerability (CVE-2025-6554) as an exploit

deskmodder.de/blog/2025/07/01/

  • 0
  • 0
  • 7 hours ago

"Google is aware that an exploit for CVE-2025-6554 exists in the wild," the browser vendor said in a security advisory issued on Monday. bleepingcomputer.com/news/secu

  • 0
  • 0
  • 1 hour ago

Overview

  • Sudo project
  • Sudo

Published: 30 Jun 2025
Updated: 30 Jun 2025

CVSS v3.1: LOW (2.8)
EPSS: Pending

KEV

Description

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Statistics

  • 6 Posts
  • 35 Interactions

Fediverse


⚠️ Sudo flaw, it needs to be fixed quickly.

CVE-2025-32462: a flaw in sudo allows local privilege escalation via the host option (V)

TL;DR: A "Trust me bro, we're on another machine, run the command" type of flaw. (L)

👉 sudo.ws/security/advisories/ho

  • 6
  • 0
  • 22 hours ago
New sudo LPE's just dropped:

Sudo Host Option Elevation of Privilege (CVE-2025-32462):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host

Sudo local privilege escalation via chroot option (CVE-2025-32463):

https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot

Linking oss-security too, because researcher advisories don't like to load for me:

https://www.openwall.com/lists/oss-security/2025/06/30/2

https://www.openwall.com/lists/oss-security/2025/06/30/3
  • 14
  • 5
  • 21 hours ago

Setting up sudo (1.9.13p3-1+deb12u2) ...

And just like that, CVE-2025-32462 won't get past me. tracker.debian.org/news/164997

  • 2
  • 1
  • 22 hours ago

𝐬𝐮𝐝𝐨 -𝐡 𝐡𝐨𝐬𝐭

Turns out the "h" stands for "hold my beer". 🍺 😅
⬇️
Local Privilege Escalation via host option

Sudo’s host (-h or --host) option is intended to be used in conjunction with the list option (-l or --list) to list a user’s sudo privileges on a host other than the current one. However, due to a bug it was not restricted to listing privileges and could be used when running a command via sudo or editing a file with sudoedit. Depending on the rules present in the sudoers file this could allow a local privilege escalation attack.

Sudo versions 1.8.8 to 1.9.17 inclusive are affected.
👇
sudo.ws/security/advisories/ho

[related]

Vulnerability Advisory: Sudo Host Option Elevation of Privilege
👇
stratascale.com/vulnerability-

  • 1
  • 2
  • 21 hours ago

Following a recent incident, here's a reminder: #SudoConsideredHarmful

What I do use instead of #sudo? "ssh root@localhost" with keys: github.com/xtaran/sshudo and "alias sudo sshudo" or "ln -vis /usr/bin/sshudo /usr/bin/sudo".

(For those who wonder what I refer to: stratascale.com/vulnerability- and stratascale.com/vulnerability-)

#SSHudo #SSH #CVE_2025_32462 #CVE_2025_32463

  • 1
  • 1
  • Last hour

Sudo versions 1.9.14 to 1.9.17 (inclusive) have two critical vulnerabilities:
- local privilege escalation via chroot option (CVE-2025-32463) openwall.com/lists/oss-securit
- local privilege escalation via host option (CVE-2025-32462) openwall.com/lists/oss-securit

  • 0
  • 2
  • 20 hours ago

Overview

  • NetScaler
  • ADC

Published: 17 Jun 2025
Updated: 26 Jun 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.06%

KEV

Description

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Statistics

  • 3 Posts
  • 48 Interactions

Fediverse


If you see this GitHub PoC for CVE-2025-5777 doing the rounds:

github.com/mingshenhk/CitrixBl

It’s not for CVE-2025-5777. It’s AI generated. The links in the README still have ChatGPT UTM sources.

The PoC itself is for a vuln addressed in 2023 - ChatGPT has hallucinated (made up) the cause of the vuln using an old BishopFox write up of the other vuln.

  • 13
  • 25
  • 4 hours ago

Overview

  • Pilz
  • IndustrialPI 4 with IndustrialPI webstatus

Published: 01 Jul 2025
Updated: 01 Jul 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.

Statistics

  • 3 Posts
  • 6 Interactions

Fediverse


🚨 CVE-2025-41648 (CRITICAL, CVSS 9.8): Pilz IndustrialPI 4 w/ webstatus lets remote attackers bypass authentication & change all settings. No patch yet—segment networks & monitor traffic. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 4 hours ago

July is starting off with a perfect 10 in some OT kit. 🥳

certvde.com/en/advisories/VDE-

sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.

nvd.nist.gov/vuln/detail/CVE-2

certvde.com/en/advisories/VDE-

sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 3
  • 1 hour ago

Overview

  • NetScaler
  • ADC

Published: 25 Jun 2025
Updated: 30 Jun 2025

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.06%

Description

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Statistics

  • 2 Posts
  • 23 Interactions

Fediverse


CVE-2025-6543 (citrix 🩸) hit KEV. that means confirmed exploitation with receipts. will wash dishes for payloads. bob [@] greynoise [.] io (some mastodon clients really bork email addresses) if you have'm.

  • 6
  • 7
  • 19 hours ago

Overview

  • Cisco
  • Cisco Identity Services Engine Software

Published: 25 Jun 2025
Updated: 26 Jun 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.11%

KEV

Description

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Statistics

  • 3 Posts

Fediverse


Cisco is warning about two critical vulnerabilities in Identity Services Engine (ISE)

Vulnerabilities: Insufficient validation of user input; Poor file validation

Impact: Allows an attacker to execute arbitrary commands, and upload arbitrary files and execute with root privileges

Vulnerability IDs: CVE-2025-20281, CVE-20282

Remediation: Upgrade ISE to 3.3 Patch 6 or 3.4 Patch 2 or later

#cybersecurity #vulnerabilitymanagement #Cisco

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 1 hour ago

🚨CVE-2025-20281 & CVE-2025-20282: Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

• CVSS: 10
• ZoomEye Dork: app="Cisco ISE"
• Results: 1,937
• Advisory:
github.com/advisories/GHSA-rc4f-42xm-hvjw
github.com/advisories/GHSA-w8p2-wjjr-hr24

• PoC: github.com/abrewer251/CVE-2025-20281-2-Citrix-ISE-RCE

• ZoomEye Search: zoomeye.ai/searchResult?q=YXBwPSJDaXNjbyBJU0Ui

—————

Follow @zoomeye_team's official Twitter/X account and send the message “Dark Web Informer” via DM to receive an extra 15-day membership. 💙

  • 0
  • 0
  • 18 hours ago

Cisco hits the mark: 9.8 out of 10 for two RCEs in Identity Services Engine and Passive Identity Connector

Cisco has reported two critical RCE vulnerabilities that require no authentication and affect Cisco Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC). The vulnerabilities have been assigned the identifiers CVE-2025-20281 and CVE-2025-20282 and received the maximum score of 9.8 out of 10 on the CVSS scale. The first issue affects versions 3.4 and 3.3 of ISE and ISE-PIC, while the second affects only version 3.4.

The root cause of CVE-2025-20281 was insufficient validation of user input in an exposed API. This allowed a remote, unauthenticated attacker to send crafted API requests to execute arbitrary commands as the root user. The second issue, CVE-2025-20282, was caused by insufficient file validation in the internal API, which allowed files to be written to privileged directories. This bug allowed remote, unauthenticated attackers to upload arbitrary files to the target system and execute them with root privileges.

The Cisco Identity Services Engine (ISE) platform is designed to manage network security policies and access control, and typically serves as a network access control (NAC), identity management and policy enforcement engine. This product is a key element of the enterprise network and is often used by large companies, government agencies, universities and service providers.

Cisco experts report that so far there have been no cases of active exploitation of the new vulnerabilities (nor publicly released exploits), but all users are advised to install the updates as soon as possible. Users should update to version 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4) and version 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1) or later. There are no workarounds that resolve the issues without applying patches.

Obviously, with vulnerabilities of this magnitude, the patches must be applied urgently in order to prevent possible breach attempts. The vendor therefore recommends carrying out the necessary updates promptly.

The article Cisco hits the mark: 9.8 out of 10 for two RCEs in Identity Services Engine and Passive Identity Connector comes from il blog della sicurezza informatica.

  • 0
  • 0
  • 4 hours ago

Overview

  • TrendMakers
  • Sight Bulb Pro Firmware ZJ_CG32-2201

Published: 27 Jun 2025
Updated: 27 Jun 2025

CVSS v3.1: MEDIUM (5.4)
EPSS: 0.03%

KEV

Description

Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string.

Statistics

  • 1 Post
  • 19 Interactions

Fediverse


Internet. Of. Shit.

Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string.

nvd.nist.gov/vuln/detail/CVE-2

  • 7
  • 12
  • 23 hours ago

Overview

  • Pilz
  • IndustrialPI 4 with Firmware Bullseye

Published: 01 Jul 2025
Updated: 01 Jul 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: Pending

KEV

Description

An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.

Statistics

  • 2 Posts
  • 6 Interactions

Fediverse


July is starting off with a perfect 10 in some OT kit. 🥳

certvde.com/en/advisories/VDE-

sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.

nvd.nist.gov/vuln/detail/CVE-2

certvde.com/en/advisories/VDE-

sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.

nvd.nist.gov/vuln/detail/CVE-2

  • 1
  • 3
  • 1 hour ago

Overview

  • TeamViewer
  • Full Client

Published: 24 Jun 2025
Updated: 24 Jun 2025

CVSS v3.1: HIGH (7.0)
EPSS: 0.02%

KEV

Description

Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.

Statistics

  • 1 Post
  • 12 Interactions

Fediverse


Oh hey, now if the baddies get your box, you can privesc to get it back.

teamviewer.com/en/resources/tr

Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management.

nvd.nist.gov/vuln/detail/CVE-2

  • 4
  • 8
  • 17 hours ago