CVE-2025-27591 – below
Package
Manager: cargo
Name: below
Vulnerable Version: >=0 <0.9.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 9e-05 (percentile 0.00708)
Details
Below has Incorrect Permission Assignment for Critical Resource

Impact
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at `/var/log/below`. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as `/etc/shadow`.

Patches
https://github.com/facebookincubator/below/commit/10e73a21d67baa2cd613ee92ce999cda145e1a83
This fix is included in version 0.9.0.

Workarounds
Change the permissions on `/var/log/below` manually so that it is not world-writable.

References
https://www.facebook.com/security/advisories/cve-2025-27591
https://www.cve.org/CVERecord?id=CVE-2025-27591
Metadata
Created: 2025-03-11T21:12:54Z
Modified: 2025-03-21T21:51:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-9mc5-7qhg-fp3w/GHSA-9mc5-7qhg-fp3w.json
CWE IDs: ["CWE-732"]
Alternative ID: GHSA-9mc5-7qhg-fp3w
Finding: F039
Auto approve: 1