关联漏洞
标题:below 安全漏洞 (CVE-2025-27591)Description:below是Meta Incubator开源的一个现代 Linux 系统的资源监视器。 below v0.9.0之前版本存在安全漏洞,该漏洞源于创建了全局可写目录,可能导致通过符号链接攻击提升到root权限。
Description
Below <v0.9.0 PoC Privilege Escalation Exploit
介绍
# CVE-2025-27591
## Below <v0.9.0 PoC Privilege Escalation Exploit
## Disclaimer
This exploit is intended for **educational purposes only**. It is designed to help users understand security vulnerabilities and improve their knowledge of cybersecurity. The author does not condone any illegal activities or unauthorized access to systems. Use this information responsibly and only in environments where you have explicit permission to test.
## Description:
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
文件快照
[4.0K] /data/pocs/1806cc14be4874bc4067ee54946146d1363d5349
├── [1.2K] exploit.sh
└── [ 758] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。