7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-27591

GHSA ID

GHSA-9mc5-7qhg-fp3w

EPSS Score

0.0344%

CWE

CWE-732

Published

3/11/2025

Updated

3/12/2025

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-27591

CVE-2025-27591: Below has Incorrect Permission Assignment for Critical Resource

Impact

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

Patches

https://github.com/facebookincubator/below/commit/10e73a21d67baa2cd613ee92ce999cda145e1a83

This is included in version 0.9.0

Workarounds

Change the permission on /var/log/below manually

References

https://www.facebook.com/security/advisories/cve-2025-27591 https://www.cve.org/CVERecord?id=CVE-2025-27591

(GitHub Advisory)

7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-27591

GHSA ID

GHSA-9mc5-7qhg-fp3w

EPSS Score

0.0344%

CWE

CWE-732

Published

3/11/2025

Updated

3/12/2025

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
below	rust	< 0.9.0	0.9.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from two key functions:

create_log_dir() explicitly set 0o777 permissions for /var/log/below, making it world-writable.
logging::setup() attempted to set 0o666 permissions for log files and had unsafe fallback behavior. The commit patching the vulnerability removed create_log_dir entirely and modified logging::setup to eliminate manual permission changes, instead relying on systemd's LogsDirectory directive for secure directory creation. The CWE-732 description and advisory details about world-writable directories directly map to these functions' behavior.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t * privil*** *s**l*tion vuln*r**ility *xist** in t** **low s*rvi** prior to v*.*.* *u* to t** *r**tion o* * worl*-writ**l* *ir**tory *t /v*r/lo*/**low. T*is *oul* **v* *llow** lo**l unprivil**** us*rs to *s**l*t* to root privil***s t*rou**

Reasoning

T** vuln*r**ility st*mm** *rom two k*y *un*tions: *. *r**t*_lo*_*ir() *xpli*itly s*t *o*** p*rmissions *or /v*r/lo*/**low, m*kin* it worl*-writ**l*. *. lo**in*::s*tup() *tt*mpt** to s*t *o*** p*rmissions *or lo* *il*s *n* *** uns*** **ll***k ****vi

7.8

Basic Information

Concerned about an active attack path?

CVE-2025-27591: Below has Incorrect Permission Assignment for Critical Resource

Impact

Patches

Workarounds

References

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI