Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, describing it as “an inclusion of functionality from untrusted control sphere.”
CISA has given federal agencies until October 20 to apply the official mitigations or discontinue the use of sudo.