Hey OSS-Team,

I would like to request the recommended method to remediate the sudo vulnerability on AIX, along with official references to confirm to my customer that the issue can be fully resolved.

Thanks,

Sarawut

------------------------------
Sarawuth Mammoon
------------------------------

Hi Sarawuth,

The latest version of sudo available in AIX Toolbox is 1.9.17p2. One can update to this version to fix this CVE.

Please refer https://www.sudo.ws/security/advisories/chroot_bug/ for more details.

Thanks!

------------------------------
RESHMA KUMAR

Original Message:
Sent: Mon November 24, 2025 03:26 AM
From: Sarawuth Mammoon
Subject: CVE-2025-32463 Vulnerability in sudo

Hey OSS-Team,

I would like to request the recommended method to remediate the sudo vulnerability on AIX, along with official references to confirm to my customer that the issue can be fully resolved.

Thanks,

Sarawut

------------------------------
Sarawuth Mammoon
------------------------------

Hi Reshma,

Thank you for the information and the reference link.

I would like to confirm one more point:
My AIX system is currently running sudo version 1.8.8.
According to the information in the link you provided, the affected versions are 1.9.14 through 1.9.17.

Does this mean that version 1.8.8 is not impacted by CVE-2025-32463, and therefore does not require an update for this specific vulnerability?

Thank,

Sarawuth

Hi Sarawuth,

The latest version of sudo available in AIX Toolbox is 1.9.17p2. One can update to this version to fix this CVE.

Please refer https://www.sudo.ws/security/advisories/chroot_bug/ for more details.

Thanks!

------------------------------
RESHMA KUMAR

Original Message:
Sent: Mon November 24, 2025 03:26 AM
From: Sarawuth Mammoon
Subject: CVE-2025-32463 Vulnerability in sudo

Hey OSS-Team,

I would like to request the recommended method to remediate the sudo vulnerability on AIX, along with official references to confirm to my customer that the issue can be fully resolved.

Thanks,

Sarawut

------------------------------
Sarawuth Mammoon
------------------------------

Hi Sarawuth,
sudo 1.8.8 is not affected by CVE-2025-32463. However, it is good to update as this version is quite old. 

Hi Reshma,

Thank you for the information and the reference link.

I would like to confirm one more point:
My AIX system is currently running sudo version 1.8.8.
According to the information in the link you provided, the affected versions are 1.9.14 through 1.9.17.

Does this mean that version 1.8.8 is not impacted by CVE-2025-32463, and therefore does not require an update for this specific vulnerability?

Thank,

Sarawuth

Hi Sarawuth,

The latest version of sudo available in AIX Toolbox is 1.9.17p2. One can update to this version to fix this CVE.

Please refer https://www.sudo.ws/security/advisories/chroot_bug/ for more details.

Thanks!

------------------------------
RESHMA KUMAR

Original Message:
Sent: Mon November 24, 2025 03:26 AM
From: Sarawuth Mammoon
Subject: CVE-2025-32463 Vulnerability in sudo

Hey OSS-Team,

I would like to request the recommended method to remediate the sudo vulnerability on AIX, along with official references to confirm to my customer that the issue can be fully resolved.

Thanks,

Sarawut

------------------------------
Sarawuth Mammoon
------------------------------