Sudo is Broken: Now Anyone Can Be Root
Update your system immediately before hackers exploit the vulnerability.
Update your system immediately before hackers exploit the vulnerability.
Millions of Linux systems worldwide are at risk due to a critical new vulnerability in the sudo utility, which allows attackers to gain root privileges and take full control of a server. What makes the situation especially serious is that the issue affects not just individual workstations, but also critical infrastructure — including Ubuntu and Fedora servers.
Sudo is a tool used to run commands with administrative privileges on Unix-like systems. It was in this very tool that researchers from the Stratascale Cyber Research Unit discovered two critical flaws. According to their report, the vulnerability is so easy to exploit that any local user could obtain full access to the system within minutes.
The issue was introduced in sudo version 1.9.14, released in June 2023, and was only patched on June 30, 2025 in version 1.9.17p1. However, in the two years between, the vulnerability spread to millions of systems, many of which remain unpatched.
Researchers emphasize that no special permissions or prior configurations are needed to exploit the flaw. It stems from a rarely used feature — the chroot option in sudo. This option is intended to isolate processes within a specific directory, simulating a separate root environment. However, due to the discovered bugs, attackers can break out of this isolation and gain complete system control.
To exploit the flaw, an attacker can create a custom /etc/nsswitch.conf file inside their own directory used as the root for the chroot environment. This file determines how the system resolves usernames, groups, hosts, and other resources. By modifying it, the attacker can inject a malicious shared library that is then executed with root privileges.
The developers of sudo have confirmed the issue and officially disabled the chroot option in version 1.9.17p1. However, many systems remain vulnerable. For example, German tech publication heise.de reported that even fresh Ubuntu virtual machines from major German cloud providers were being shipped with outdated and vulnerable sudo versions, despite the fix being available.
Stratascale researchers also released a proof-of-concept script, demonstrating how an attacker could compile a malicious library, create a temporary directory structure, place the necessary files, and exploit the vulnerability to gain full system access.
Given the gravity of the issue, system administrators are strongly urged to immediately update sudo packages to the latest version. There are no alternative mitigations — updating is the only way to secure affected systems. Admins should also audit system configurations to ensure that the chroot option is not in use. This includes reviewing all rules in /etc/sudoers and /etc/sudoers.d. If configurations are stored in LDAP, specialized tools should be used to retrieve and verify them.
Considering the scale of Linux deployments and the critical role of Ubuntu and Fedora servers in global infrastructure, the consequences of this vulnerability could be severe.
