CVE-2023-22809


Basic Information

CVE State: PUBLISHED
Reserved Date: January 06, 2023
Published Date: January 18, 2023
Last Updated: April 04, 2025
Vendor: n/a
Product: n/a
Description

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: none
Technical Impact: total

Exploit Status

Proof of Concept Available: Yes (added 2023-01-21 15:19:23 UTC)

Known Exploited Vulnerability Information

Source: The Shadowserver (via CIRCL)
Added Date: 2026-04-15 14:28:37 UTC

Scanner Integrations

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

sudoedit_bypass_priv_esc

Type: metasploit • Created: Unknown

Metasploit module for CVE-2023-22809

AntiVlad/CVE-2023-22809

Type: github • Created: 2024-08-14 07:48:10 UTC • Stars: 0

Toothless5143/CVE-2023-22809

Type: github • Created: 2023-08-06 06:46:40 UTC • Stars: 2

Running this exploit on a vulnerable system allows a local attacker to gain a root shell on the machine.

asepsaepdin/CVE-2023-22809

Type: github • Created: 2023-07-10 06:38:14 UTC • Stars: 6

pashayogi/CVE-2023-22809

Type: github • Created: 2023-06-25 15:11:01 UTC • Stars: 0

AiK1d/CVE-2023-22809-sudo-POC

Type: github • Created: 2023-04-06 03:11:48 UTC • Stars: 7

CVE-2023-22809 Linux Sudo

M4fiaB0y/CVE-2023-22809

Type: github • Created: 2023-02-22 17:50:03 UTC • Stars: 6

n3m1sys/CVE-2023-22809-sudoedit-privesc

Type: github • Created: 2023-01-21 15:19:23 UTC • Stars: 155

A script to automate privilege escalation with CVE-2023-22809 vulnerability

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Metasploit

  • Added to KEVIntel