Two vulnerabilities were recently spotted in various Linux distributions. When chained together, they allow local attackers to escalate their privileges and thus run arbitrary files.
The vulnerabilities are tracked as CVE-2025-32462 (severity score 2.8/10, low) and CVE-2025-32463 (severity score 9.3/10, critical), and were found in the Sudo command-line utility for Linux and other Unix-like operating systems.
All versions before 1.9.17p1 were said to be vulnerable, with Rich Mirch, the Stratascale researcher who found the flaws, saying they had lingered for more than a decade before being discovered. They were first introduced in late 2013, he added.