CVE-2025-27591

MEDIUM
6.8
CVSS 3.1

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: None

Lifecycle Timeline (4 events)

Analysis Generated: Mar 12, 2026 - 19:52 (vuln.today)
PoC Detected: Jul 03, 2025 - 14:40 (vuln.today), public exploit code
Patch Released: Jul 03, 2025 - 14:40 (nvd), patch available
CVE Published: Mar 11, 2025 - 19:15 (nvd), MEDIUM 6.8

Description (NVD)

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

Technical Context (AI)

This vulnerability (CWE-732: Incorrect Permission Assignment for Critical Resource) exists in the Below component. Prior to v0.9.0, the Below service created /var/log/below as a world-writable directory, which could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

Affected Products (AI)

Component: Below.

Remediation (AI)

A vendor patch is available: the issue affects the Below service prior to v0.9.0, so apply the update immediately.
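
A defensive check for the condition described above, as an added example that is not part of the original page or of the Below project: it flags a world-writable log directory and any symlinks or world-writable files inside it. The default path is taken from the description; the function name and exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a log directory for the CVE-2025-27591 condition.
# Exit status (assumed convention): 0 = clean, 1 = findings, 2 = missing.

audit_log_dir() {
    dir=${1:-/var/log/below}   # default path comes from the advisory text
    findings=0

    # The directory itself must be a real directory, not a symlink.
    if [ -L "$dir" ]; then
        echo "FINDING: $dir is itself a symlink"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "INFO: $dir does not exist"
        return 2
    fi

    # Root cause (CWE-732): the other-write bit on the directory lets any
    # local user create or replace entries in it, sticky bit or not.
    if [ -n "$(find "$dir" -maxdepth 0 -perm -0002)" ]; then
        echo "FINDING: $dir is world-writable"
        findings=1
    fi

    # A symlink under the directory may redirect a privileged write
    # to a file elsewhere on the system.
    links=$(find "$dir" -mindepth 1 -type l)
    if [ -n "$links" ]; then
        echo "FINDING: symlinks present under $dir:"
        echo "$links" | sed 's/^/  /'
        findings=1
    fi

    # Regular files that any user can write are also worth reviewing.
    ww=$(find "$dir" -mindepth 1 -type f -perm -0002)
    if [ -n "$ww" ]; then
        echo "FINDING: world-writable files under $dir:"
        echo "$ww" | sed 's/^/  /'
        findings=1
    fi

    return "$findings"
}
```

Call `audit_log_dir` with no argument to check /var/log/below, or pass another directory; a non-zero status after patching means the directory still needs its permissions or contents corrected.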
