• Chuck@chaos.social
    1 month ago

    @thenewoil@mastodon.thenewoil.org
    CVE-2025-32463 (CVSS score: 9.3) - Sudo before 1.9.17p1 allows local users to obtain root access because “/etc/nsswitch.conf” from a user-controlled directory is used with the --chroot option

    This is a really lame CVE. Yikes.

  • Rentlar@lemmy.ca
    1 month ago

    The major one affects sudo versions 1.9.14 - 1.9.17

    Note: The legacy versions of Sudo (currently <= 1.8.32) are not vulnerable because the chroot feature does not exist.

    The minor one has been a 12-year bug.
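
Added example, not part of any comment in this thread: a small Python triage helper that classifies the first line of `sudo -V` output against the version bounds quoted above for CVE-2025-32463. The function names, result labels and sample lines are constructed for illustration. It compares upstream version strings only, so a distribution package with a backported fix can still report an older version and needs checking against the vendor advisory.

```python
import re

# Version bounds exactly as quoted in the thread (taken as given, not re-verified).
LEGACY_MAX = (1, 8, 32)          # "<= 1.8.32": chroot feature does not exist
FIRST_AFFECTED = (1, 9, 14, 0)   # "1.9.14 - 1.9.17"
FIXED = (1, 9, 17, 1)            # "before 1.9.17p1"

# Upstream sudo versions look like 1.9.17 or 1.9.17p1 (pN is the patch level).
# Other suffixes (for example beta or rc builds) are rejected, not guessed at.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?\b")


def parse_sudo_version(text):
    """Return (major, minor, micro, patch) from the first line of `sudo -V`."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no sudo version found in {text!r}")
    # A missing pN suffix sorts as patch level 0, so 1.9.17 < 1.9.17p1.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def classify(text):
    """Map a version line to a triage label for CVE-2025-32463."""
    v = parse_sudo_version(text)
    if v[:3] <= LEGACY_MAX:
        return "legacy-no-chroot"   # not vulnerable per the thread
    if FIRST_AFFECTED <= v < FIXED:
        return "affected"           # upgrade to 1.9.17p1 or later
    if v >= FIXED:
        return "fixed"
    return "unlisted"               # e.g. 1.9.0 to 1.9.13: not covered above


if __name__ == "__main__":
    # Constructed sample lines, shaped like the first line of `sudo -V`.
    samples = [
        "Sudo version 1.8.31p2",
        "Sudo version 1.9.13p3",
        "Sudo version 1.9.15p5",
        "Sudo version 1.9.17",
        "Sudo version 1.9.17p1",
    ]
    for line in samples:
        print(f"{line:<24} -> {classify(line)}")
```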