Linux sudo vulnerability CVE-2025-32462 and CVE-2025-32463 reported in vCenter Server

Article ID: 405975

Products

VMware vCenter Server

Issue/Introduction

A security scan reports a sudo vulnerability in the Photon OS of vCenter Server.

Environment

VMware vCenter Server

Cause

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
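
A read-only way to compare a host's sudo version with the 1.9.17p1 boundary stated above, as an added example (not Broadcom or sudo project code). The function names are hypothetical and the sample version lines are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): read-only check of a sudo version string
# against 1.9.17p1, the release named in the Cause text.

# Extract the version token from the first line of `sudo --version` output.
sudo_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/^Sudo version \([^ ]*\).*$/\1/p'
}

# Split "1.9.17p1" into "1 9 17 1"; a missing pN suffix counts as patch 0.
sudo_ver_fields() {
    v=$1
    case $v in
        *p*) patch=${v##*p}; base=${v%p*} ;;
        *)   patch=0; base=$v ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} ${patch:-0}"
}

# Return 0 if $1 is older than 1.9.17p1, 1 if not, 2 if it cannot be parsed.
sudo_is_affected() {
    [ -n "$1" ] || return 2
    fields=$(sudo_ver_fields "$1")
    for f in $fields; do
        case $f in *[!0-9]*) return 2 ;; esac
    done
    set -- $fields
    for want in 1 9 17 1; do
        [ "$1" -lt "$want" ] && return 0
        [ "$1" -gt "$want" ] && return 1
        shift
    done
    return 1   # exactly 1.9.17p1
}

# Constructed sample lines; on a live host pass "$(sudo --version)" instead.
for line in "Sudo version 1.9.15p5" "Sudo version 1.9.17" "Sudo version 1.9.17p1"; do
    ver=$(sudo_version_from_output "$line")
    sudo_is_affected "$ver"
    case $? in
        0) echo "$ver: older than 1.9.17p1" ;;
        1) echo "$ver: 1.9.17p1 or later" ;;
        *) echo "$ver: unrecognized version string" ;;
    esac
done
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm any match against the vendor's patch notes.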

Resolution

VMware by Broadcom Engineering is aware of this issue and is working towards a fix.

Please refer to the release notes for forthcoming product releases for any updates in relation to this CVE.

Should you require further information, please contact Broadcom Support.

Additional Information

Broadcom does not support any modifications or customizations to the underlying operating system and packages. This includes adding, updating, or removing packages, as well as using custom scripts within the operating system of the appliance. Updating or changing any components may result in unexpected behavior of the system.

For more information, refer to the articles below:

https://nvd.nist.gov/vuln/detail/CVE-2025-32463

VMware vCenter Server Photon OS Security Patches