Hackers exploiting critical sudo flaw: CISA wants five bugs gone by October 20th

CISA warns that the critical Linux Sudo flaw, unveiled in July, has been included in hackers’ arsenals and is now being actively exploited to gain superuser privileges on unpatched systems. The watchdog set aggressive deadlines for federal agencies to patch the flaws.
The critical Sudo flaw was unveiled on June 30th, 2025. On the same day, Sudo maintainers released an emergency update and an advisory. Three months later, authorities are receiving reports about hackers abusing the flaw.
The Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw, which grants attackers complete control of an affected system, to its Known Exploited Vulnerabilities (KEV) catalog.
The agency also set October 20th, 2025, as the deadline for the federal civilian agencies to patch the bug.
“These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.
Sudo is a utility that lets permitted users run commands as root, the superuser, on Linux machines. Researchers demonstrated that the flaw made it trivial to elevate privileges to root by abusing sudo's chroot option.
Millions of systems were affected by this bug, and many of them remain unpatched due to administrators delaying updates for testing, stability concerns, or even simple negligence.
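As an added illustration, not code from the article or from the Sudo project, the following POSIX shell check is the kind of thing an administrator can run across a fleet to confirm whether the installed sudo is at or above the fixed release named in the Sudo advisory. The article does not state the fixed version number, so the script reads it from a FIXED_SUDO_VERSION environment variable and otherwise falls back to a clearly labelled placeholder; the function names and the sample banner lines are constructed for this example.

```shell
#!/bin/sh
# Added example: assess sudo patch status by comparing version strings.
# Handles sudo's "X.Y.Z" and "X.Y.ZpN" forms (the "pN" suffix is a patch level).

# Extract the version token from the first line of `sudo --version`.
# Constructed input example: "Sudo version 1.9.15p5" -> "1.9.15p5"
sudo_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p'
}

# Print the four numeric components: major minor patch plevel.
# "1.9.17p1" -> "1 9 17 1", "1.9.16" -> "1 9 16 0"
sudo_version_parts() {
    v=$1
    p=0
    case $v in
        *p*) p=${v##*p}; v=${v%p*} ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $v
    IFS=$old_ifs
    printf '%d %d %d %d\n' "${1:-0}" "${2:-0}" "${3:-0}" "$p"
}

# Return 0 when version $1 is greater than or equal to version $2.
sudo_version_ge() {
    set -- $(sudo_version_parts "$1") $(sudo_version_parts "$2")
    for i in 1 2 3 4; do
        eval "x=\$$i; y=\$$((i+4))"
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Classify a banner line against the fixed version.
# Exit status: 0 patched, 1 vulnerable, 2 unparseable.
assess_sudo_banner() {
    banner=$1
    fixed=$2
    installed=$(sudo_version_from_banner "$banner")
    if [ -z "$installed" ]; then
        echo "UNKNOWN: could not parse '$banner'"
        return 2
    fi
    if sudo_version_ge "$installed" "$fixed"; then
        echo "PATCHED: sudo $installed >= $fixed"
        return 0
    fi
    echo "VULNERABLE: sudo $installed < $fixed; schedule the update"
    return 1
}

# FIXED_VERSION is a PLACEHOLDER: take the real value from the Sudo advisory
# the article refers to, e.g.  FIXED_SUDO_VERSION=<from advisory> sh check.sh
FIXED_VERSION=${FIXED_SUDO_VERSION:-1.9.99}

# Demonstration on a constructed banner, then on the local sudo if present.
assess_sudo_banner "Sudo version 1.9.15p5" "$FIXED_VERSION"
if command -v sudo >/dev/null 2>&1; then
    assess_sudo_banner "$(sudo --version 2>/dev/null | head -n 1)" "$FIXED_VERSION"
fi
```

Run it with the fixed release from the advisory in FIXED_SUDO_VERSION; the exit status of assess_sudo_banner makes it easy to feed into a configuration-management or inventory job that flags hosts still running an older sudo.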
CISA added four additional vulnerabilities to the KEV catalog.
One is a Cisco IOS and IOS XE stack-based buffer overflow vulnerability that enables remote authenticated attackers, depending on their privileges, to cause a denial of service or run remote code as root. Nearly 200,000 Cisco devices expose the affected service on the internet.
The other three flaws that must be mitigated by October 20th, 2025, are as follows:
- Adminer server-side request forgery vulnerability from 2021 (CVE-2021-21311): the database management tool is vulnerable to remote attackers obtaining potentially sensitive information.
- Fortra GoAnywhere MFT deserialization of untrusted data vulnerability (CVE-2025-10035): the file transfer solution is vulnerable to hackers with a validly forged license response signature, who can deserialize an arbitrary actor-controlled object, possibly leading to command injection.
- Libraesva Email Security Gateway command injection vulnerability (CVE-2025-59689): the email security solution will run commands injected via a compressed e-mail attachment.