
AS-2025-004: Sudo

2025-07-17

Severity

Important

Status

Resolved


Statement

The Sudo team announced multiple vulnerabilities that have been fixed in the latest release of Sudo.

CVE-2025-32463 and CVE-2025-32462 affected ASUSTOR products running ADM 4.1 to ADM 5.0. Updates with Sudo 1.9.17p1 will be released as soon as possible.

  • Sudo has been updated to 1.9.17p1 in ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1 to resolve the issues.

Affected Products

Product | Severity | Fixed Release Availability
ADM 5.0 | Important | Upgrade to ADM 5.0.0.RJG2 or above.
ADM 4.1, 4.2 and 4.3 | Important | Upgrade to ADM 4.3.3.RJH1 or above.

Detail

  • CVE-2025-32463
    • Severity: Critical
    • Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
  • CVE-2025-32462
    • Severity: Low
    • Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
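
A defender-side check for the two conditions above, as an added example (not ASUSTOR's or the Sudo project's code): it compares the version reported by sudo -V with 1.9.17p1 and lists sudoers rules whose host is neither ALL nor the local machine. The sample sudo -V output, the sudoers text, the host names and the function names are constructed for illustration, and the sudoers reading is deliberately simplified.

```python
import re

FIXED = (1, 9, 17, 1)  # Sudo 1.9.17p1, the fixed release named in this advisory
SKIP = ("#", "@include", "Defaults", "Host_Alias", "User_Alias",
        "Runas_Alias", "Cmnd_Alias", "Cmd_Alias")

def parse_sudo_version(text):
    """Return (major, minor, patch, p-level) from `sudo -V` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError("no Sudo version in %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def needs_update(text):
    """True when the reported Sudo is older than 1.9.17p1."""
    return parse_sudo_version(text) < FIXED

def foreign_host_rules(sudoers_text, local_names):
    """List (user, hosts) for rules naming a host other than ALL or this machine.
    Simplified reading of sudoers (an assumption of this example): joins
    continuation lines, skips comments, includes, Defaults and alias definitions,
    and checks only the first host list of each rule. Host_Alias names are
    reported as-is so they can be reviewed by hand."""
    local = {n.lower() for n in local_names}
    found = []
    for line in re.sub(r"\\\n", " ", sudoers_text).splitlines():
        line = line.strip()
        if not line or line.startswith(SKIP) or "=" not in line:
            continue
        parts = line.partition("=")[0].split(None, 1)  # "user host_list"
        if len(parts) != 2:
            continue
        hosts = [h.strip() for h in parts[1].split(",")]
        other = [h for h in hosts if h != "ALL" and h.lower() not in local]
        if other:
            found.append((parts[0], other))
    return found

# Constructed sample inputs, not taken from any real system.
SAMPLE_SUDO_V = "Sudo version 1.9.15p5\nSudoers policy plugin version 1.9.15p5\n"
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
Host_Alias BUILD = build01, build02
root ALL=(ALL:ALL) ALL
alice nas01 = /usr/bin/systemctl
bob   build01, nas01 = (root) \\
      /usr/bin/rsync
carol BUILD = NOPASSWD: /usr/bin/make
"""
if __name__ == "__main__":
    print(needs_update(SAMPLE_SUDO_V), foreign_host_rules(SAMPLE_SUDOERS, ["nas01"]))
```

On a Sudo older than 1.9.17p1, the rules this returns are the ones whose host restriction is covered by the CVE-2025-32462 description; upgrading ADM remains the fix for both issues.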

Reference


Revision

Revision | Date | Description
1 | 2025-07-11 | Initial public release.
2 | 2025-07-17 | Released ADM 5.0.0.RJG2 and ADM 4.3.3.RJH1, which update Sudo to fix the issues.