Date: 2025-10-02
news
Sudo Flaw and Red Hat's Morbid Obsession with Slop ("Hey Hi") Costs It Dearly
Hacker News ☛ CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to 1.9.17p1. It was disclosed by Stratascale researcher Rich Mirch back in July 2025.
Bleeping Computer ☛ CISA warns of critical Linux Sudo flaw exploited in attacks
CISA has given federal agencies until October 20 to apply the official mitigations or discontinue the use of sudo.
The Register UK ☛ 'Delightful' root-access bug in Red Hat OpenShift AI allows full cluster takeover [Ed: The "AI revolution" is going very well]
A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt services, and fully hijack the platform.
"A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator," the IBM subsidiary warned in a security alert published earlier this week.
"This allows for the complete compromise of the cluster's confidentiality, integrity, and availability," the alert continues. "The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it."