Published: 11/03/2025 Updated: 12/03/2025

Local Privilege Escalation in Below Service via World-Writable Directory

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
meta platforms, inc below

Hello list, this is a report about a local root exploit issue in Below We shared this report with the linux-distros mailing list on 2025-03-07 and suggested an embargo of 5 days, which ends today Please find the full report below We also offer a rendered version of this report on our blog [1] 1) Introduction =============== Below [2] is a to ...

https://nvd.nist.gov https://seclists.org/oss-sec/2025/q1/201 https://www.first.org/epss https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3 https://www.facebook.com/security/advisories/cve-2025-27591 http://www.openwall.com/lists/oss-security/2025/03/12/1

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2025-27591

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect