CVE-2025-27591

Medium CVSS: 6.8

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

Vendor

Facebook

Product

Below

CWE

CWE-732

Yayın Tarihi

2025-03-11 19:15:43

Güncelleme

2025-07-03 14:40:01

Source Identifier

cve-assign@fb.com

KEV Date Added

Kategoriler

CWE-732 Below MEDIUM Facebook 2025

Referanslar

https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3 https://www.facebook.com/security/advisories/cve-2025-27591 http://www.openwall.com/lists/oss-security/2025/03/12/1

Benzer Kayıtlar

High

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-ser…

High

CVE-2025-67779

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a den…

Medium

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 1…

High

CVE-2025-55184

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 1…

Critical

CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1…

Medium

CVE-2025-55181

Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuic…