PT-2025-10891 · Below · Below
Matthias Gerstner · Published 2025-01-20 · Updated 2026-02-16
CVE-2025-27591
CVSS v4.0: 7.3 (High)
Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Below versions prior to 0.9.0
Description
A flaw exists in the Below service that allows for privilege escalation. This is due to the creation of a world-writable directory located at /var/log/below. Local, unprivileged users could exploit this by using symlink attacks to manipulate critical system files, such as /etc/shadow, and gain root privileges. The vulnerability is related to incorrect permission assignments for a critical resource.
Recommendations
Versions prior to 0.9.0 should be updated to version 0.9.0 or later.
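To check a host for the condition described above, the following added example (not part of the advisory or of the Below project's code) reports a world-writable log directory and any symlinks or world-writable entries inside it. The function name `audit_log_dir` and the output format are assumptions of this example; only the path /var/log/below comes from the advisory.

```python
import os
import stat

# Directory named in the advisory; pass another path to audit a copy or a test tree.
BELOW_LOG_DIR = "/var/log/below"


def _mode(st):
    """Permission bits as a four-digit octal string, e.g. '0777'."""
    return f"{stat.S_IMODE(st.st_mode):04o}"


def audit_log_dir(path=BELOW_LOG_DIR):
    """Return (path, issue) tuples for permission and symlink problems under `path`."""
    try:
        top = os.lstat(path)  # lstat: never follow a link planted at the top level
    except FileNotFoundError:
        return []  # directory absent, nothing to audit on this host
    if stat.S_ISLNK(top.st_mode):
        return [(path, f"symlink -> {os.readlink(path)}")]
    if not stat.S_ISDIR(top.st_mode):
        return [(path, "not a directory")]

    findings = []
    if top.st_mode & stat.S_IWOTH:
        findings.append((path, f"world-writable directory, mode {_mode(top)}"))

    # Inspect each entry without following links, so a link is reported, not traversed.
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        try:
            st = os.lstat(full)
        except FileNotFoundError:
            continue  # entry removed between listing and inspection
        if stat.S_ISLNK(st.st_mode):
            findings.append((full, f"symlink -> {os.readlink(full)}"))
        elif st.st_mode & stat.S_IWOTH:
            findings.append((full, f"world-writable entry, mode {_mode(st)}"))
    return findings


if __name__ == "__main__":
    for item, issue in audit_log_dir():
        print(f"{item}: {issue}")
```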
Exploit
Fix
LPE
Incorrect Permission
Affected Products
Below