High severityNVD Advisory· Published Mar 11, 2025· Updated Mar 21, 2025
CVE-2025-27591
CVE-2025-27591
Description
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
belowcrates.io | < 0.9.0 | 0.9.0 |
Affected products
3- ghsa-coords2 versions
< 0.9.0+ 1 more
- (no CPE)range: < 0.9.0
- (no CPE)range: < 20260213-1.1
- Meta Platforms, Inc/belowv5Range: 0.0.0
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- github.com/advisories/GHSA-9mc5-7qhg-fp3wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-27591ghsaADVISORY
- www.openwall.com/lists/oss-security/2025/03/12/1ghsaWEB
- github.com/facebookincubator/below/commit/10e73a21d67baa2cd613ee92ce999cda145e1a83ghsaWEB
- github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3ghsax_refsource_MISCWEB
- github.com/facebookincubator/below/security/advisories/GHSA-9mc5-7qhg-fp3wghsaWEB
- rustsec.org/advisories/RUSTSEC-2025-0149.htmlghsaWEB
- www.facebook.com/security/advisories/cve-2025-27591ghsax_refsource_CONFIRMWEB
- www.openwall.com/lists/oss-security/2025/03/12/1ghsaWEB
News mentions
0No linked articles in our index yet.