Is SMG vulnerable to CVE-2025-32463
search cancel

Is SMG vulnerable to CVE-2025-32463

book

Article ID: 403301

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

The security team wants to know if Symantec Messaging Gateway is vulnerable to CVE-2025-32463 in any supported configuration.

Environment

SMG 10.9

Resolution

Symantec Messaging Gateway (SMG) is not affected by this vulnerability. The sudo version used in SMG is 1.9.5p2, which does not include the --chroot option introduced in later versions and required to exploit this CVE.

Additionally, the restricted use of the support account—only enabled temporarily at Broadcom Support's request—further limits exposure.

Powered by Wolken Software