Daily Briefing for 07.03.25

At a glance.

• Critical sudo flaw allows Linux users to gain root privileges.
• Cisco patches maximum-severity flaw in Unified Communications Manager.
• Hunters International shuts down operations.

Critical sudo flaw allows Linux users to gain root privileges.

Researchers at Stratascale have discovered two elevation-of-privilege flaws affecting the Linux sudo utility, Infosecurity Magazine reports. One of the flaws has been assigned a CVSS score of 9.3. Patches were distributed last week, and administrators should ensure they've installed sudo 1.9.17p1 or later.

The more serious of the two flaws, CVE-2025-32463, was introduced in June 2023 with sudo v1.9.14, and can allow any local unprivileged user to escalate privileges to root. Stratascale explains, "The issue arises from allowing an unprivileged user to invoke chroot() on a writable, untrusted path under their control. Sudo calls chroot() several times, regardless of whether the user has corresponding Sudo rule configured. Allowing a low-privileged user the ability to call chroot() with root authority to a writable location can have various security risks." The researchers found that "any local user can trick Sudo into loading an arbitrary shared object, resulting in arbitrary code execution as root."

Cisco patches maximum-severity flaw in Unified Communications Manager.

Cisco has patched a maximum-severity vulnerability affecting the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, the Register reports. The flaw, tracked as CVE-2025-20309, "could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted." Cisco notes that the vulnerability is "due to the presence of static user credentials for the root account that are reserved for use during development."

The company has released patches, noting that there's no workaround for the flaw.

Hunters International shuts down operations.

The Hunters International ransomware-as-a-service enterprise is shutting down its operations and offering free decryptors to its previous victims, BleepingComputer reports. The criminal gang said it made the decision to shut down after "careful consideration and in light of recent developments."

It's unclear what the group means by "recent developments," but BleepingComputers notes that Hunters previously said they were planning to shut down due to increasing pressure from law enforcement.