关联漏洞
标题:
below 安全漏洞
(CVE-2025-27591)
描述:below是Meta Incubator开源的一个现代 Linux 系统的资源监视器。 below v0.9.0之前版本存在安全漏洞,该漏洞源于创建了全局可写目录,可能导致通过符号链接攻击提升到root权限。
描述
PoC for CVE-2025-27591 – Local privilege escalation in the below monitoring tool. By symlinking its log file to /etc/passwd, an attacker can inject a root account and gain full system compromise.
介绍
# below-log-race-poc CVE-2025-27591 Exploit (Below privilege escalation)
## Description
This repository contains a proof-of-concept exploit for **CVE-2025-27591**, a privilege escalation vulnerability in the `below` utility.
The issue arises because `below` mishandles log files under `/var/log/below/`, allowing attackers to replace logs with symlinks to sensitive files such as `/etc/passwd`.
By leveraging this, an unprivileged user can inject a new root user entry and escalate privileges.
## Exploit Script
The exploit is implemented as a simple Bash script (`exploit_CVE-2025-27591.sh`) which:
1. Backs up the original `/etc/passwd`.
2. Creates a malicious symlink from `/var/log/below/error_root.log` to `/etc/passwd`.
3. Runs `below` in a loop until `/etc/passwd` becomes writable.
4. Injects a new root-level user (`root2`, password: `1`).
5. Provides interactive root shell access with `su - root2`.
## Usage
```bash
chmod +x exploit_CVE-2025-27591.sh
./exploit_CVE-2025-27591.sh
su - root2 # password: 1
文件快照
[4.0K] /data/pocs/14b9e45b5f7d7cdf0a196e76a574054cb52b0240
├── [1.5K] exploit_CVE-2025-27591.sh
├── [1.0K] LICENSE
└── [1.0K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。