Description

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

PUBLISHED Reserved 2025-03-03 | Published 2025-03-11 | Updated 2025-03-21 | Assigner facebook

Problem types

Incorrect Permission Assignment for Critical Resource (CWE-732)

Product status

Default status: unaffected

0.0.0 (semver) before 0.9.0: affected

References

www.openwall.com/lists/oss-security/2025/03/12/1

www.facebook.com/security/advisories/cve-2025-27591

github.com/...ommit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3

cve.org (CVE-2025-27591)

nvd.nist.gov (CVE-2025-27591)
