Privilege Escalation Vulnerability in Below Service by Facebook
CVE-2025-27591

6.8MEDIUM

Key Information:

Vendor: Meta Platforms, Inc
Status: Below
Vendor: CVE Published:; 11 March 2025

🔔 Create Meta Platforms, Inc Vulnerability Alert

What is CVE-2025-27591?

A privilege escalation vulnerability was identified in the Below service prior to version 0.9.0. This vulnerability arises from the creation of a world-writable directory located at /var/log/below. As a result, local unprivileged users can exploit this flaw through symlink attacks, potentially manipulating sensitive files, including /etc/shadow, to gain unauthorized root privileges. It is crucial for users to upgrade to the latest version to mitigate the associated risks.

Affected Version(s)

below 0.0.0 < 0.9.0

References

https://www.facebook.com/security/advisories/cve-2025-27591

x_refsource_CONFIRM

https://github.com/facebookincubator/below/commit/da9382e...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Mar 3, 2025