CVE-2025-32463 looks bad. Systems with sudo versions 1.9.14 to 1.9.17 and support for /etc/nsswitch.conf (that's most modern dists) allow users not even in sudoers to acquire root by sudo --chroot on a chroot they can write into.

https://seclists.org/oss-sec/2025/q2/288

The --chroot flag is now deprecated. I guess there must be a few build systems affected by that.

BTW is the CSS on TFA making the text unreadably low contrast for others too?

Readable: https://www.stratascale.com/vulnerability-alert-CVE-2025-324...