Privilege Escalation Vulnerability in Below Service by Facebook
CVE-2025-27591

6.8MEDIUM

Key Information:

Vendor: Meta Platforms, Inc
Status: Below
Vendor: CVE Published:; 11 March 2025

🔔 Create Meta Platforms, Inc Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-27591?

A privilege escalation vulnerability was identified in the Below service prior to version 0.9.0. This vulnerability arises from the creation of a world-writable directory located at /var/log/below. As a result, local unprivileged users can exploit this flaw through symlink attacks, potentially manipulating sensitive files, including /etc/shadow, to gain unauthorized root privileges. It is crucial for users to upgrade to the latest version to mitigate the associated risks.

Affected Version(s)

below 0.0.0 < 0.9.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-27591-PoC
Created by BridgerAlderson

CVE-2025-27591
Created by rvizx

CVE-2025-27591
Created by obamalaolu

References

https://www.facebook.com/security/advisories/cve-2025-27591

x_refsource_CONFIRM

https://github.com/facebookincubator/below/commit/da9382e...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 13, 2025
👾
Exploit known to exist
Jul 13, 2025
Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Mar 3, 2025