CVE-2025-27591: Below has Incorrect Permission Assignment for Critical Resource
(updated )
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
References
- github.com/advisories/GHSA-9mc5-7qhg-fp3w
- github.com/facebookincubator/below
- github.com/facebookincubator/below/commit/10e73a21d67baa2cd613ee92ce999cda145e1a83
- github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3
- github.com/facebookincubator/below/security/advisories/GHSA-9mc5-7qhg-fp3w
- nvd.nist.gov/vuln/detail/CVE-2025-27591
- www.facebook.com/security/advisories/cve-2025-27591
Code Behaviors & Features
Detect and mitigate CVE-2025-27591 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →