On June 30, 2025, the sudo project publicly disclosed a high-severity vulnerability, CVE-2025-32463, which allows an unprivileged local user to escalate to root privileges. To ensure the security of Elastic Compute Service (ECS) instances, Alibaba Cloud has initiated emergency response procedures and recommends that customers check their relevant assets. If your existing instances are within the affected scope, apply the official patches promptly. For new instances, we recommend choosing operating system images that are not affected by this vulnerability.
Detected vulnerability
Vulnerability number: CVE-2025-32463
Vulnerability severity: high
Impact scope: ECS instances with sudo software versions between 1.9.14 and 1.9.17 (inclusive) are affected by this vulnerability. Alibaba Cloud Linux is not affected by this vulnerability.
Remediation recommendations
For affected operating systems, please refer to the official announcements from the distribution to upgrade the sudo software to a secure version.
Detection method
You can run the command sudo --version and check whether the reported version number is between 1.9.14 and 1.9.17 (inclusive).
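The following script is an added example, not part of the Alibaba Cloud advisory: it parses the first line of sudo --version output (for example "Sudo version 1.9.15p5"), normalizes away the "pN" point-release suffix, and reports whether the base version falls inside the 1.9.14 to 1.9.17 range stated above. The function names and the version lines used for testing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the advisory's own code): flag a sudo whose reported
# version lies in the affected range 1.9.14..1.9.17 (inclusive).

# Extract the base "X.Y.Z" from a line such as "Sudo version 1.9.15p5".
# The "pN" point-release suffix is dropped so the comparison stays on the
# range the advisory states.
sudo_base_version() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.]*\).*/\1/p' | head -n1
}

# Convert "X.Y.Z" into one integer so versions compare numerically
# (1.9.14 -> 1009014), avoiding the pitfalls of string comparison.
version_key() {
    printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1*1000000 + $2*1000 + $3 }'
}

# Returns 0 when the version in the given line is within 1.9.14..1.9.17,
# 1 when it is outside the range, 2 when no version could be parsed.
in_affected_range() {
    v=$(sudo_base_version "$1")
    [ -n "$v" ] || return 2
    k=$(version_key "$v")
    lo=$(version_key 1.9.14)
    hi=$(version_key 1.9.17)
    [ "$k" -ge "$lo" ] && [ "$k" -le "$hi" ]
}

# Query the installed sudo and print a verdict; exit status 1 if affected.
check_installed_sudo() {
    line=$(sudo --version 2>/dev/null | head -n1)
    if in_affected_range "$line"; then
        echo "AFFECTED (CVE-2025-32463 range): $line"
        return 1
    else
        echo "not in affected range: ${line:-sudo not found}"
        return 0
    fi
}

# Usage: sh check_sudo.sh check
case "${1:-}" in
    check) check_installed_sudo ;;
esac
```

One caveat when interpreting the result: distributions that backport security fixes (Debian, Ubuntu, RHEL and derivatives among them) may ship a patched package whose upstream version string still reads as 1.9.14 to 1.9.17, so a hit from this check should be confirmed against the installed package's changelog or the distribution's own security announcement, as the remediation section recommends.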
Remediation methods
Method 1: Log on to the ECS instance and use software update commands such as yum or apt to update sudo to the latest version.
Method 2: Use the vulnerability repair feature of Security Center to fix with one click. This feature only supports some operating systems. For more information, see Vulnerability management.
Announcing party
Alibaba Cloud Computing Co., Ltd.