CVE-2025-27591 PoC — below 安全漏洞

Source

https://github.com/Cythonic1/CVE-2025-27591

Associated Vulnerability

Title:below 安全漏洞 (CVE-2025-27591)
Description:below是Meta Incubator开源的一个现代 Linux 系统的资源监视器。 below v0.9.0之前版本存在安全漏洞，该漏洞源于创建了全局可写目录，可能导致通过符号链接攻击提升到root权限。

Description

a C exploit for CVE-2025-27591, which allow an attacker to escalate privilege to root.

Readme

# CVE-2025-27591 

## description
Basically `below` tool allow for universal modification on its log file which lead to privilege escalation as root.


## details.
The log file created by `below` is world-writable, allowing any user to modify or replace it. 
An attacker can exploit this by creating a symbolic link from the log file to /etc/passwd.

If the attacker can trigger an error in `below` that logs arbitrary input, and crafts that input in 
the format of a valid /etc/passwd entry, they can inject a new root user into the system.

In order for the exploit to work the attacker should be able to execute the `below` command as it should be run
as `root` then the user must have `sudo` permission or a way to run it.

## Compiling. 
```bash
git clone https://github.com/Cythonic1/CVE-2025-27591
cd CVE-2025-27591
gcc -static -W -Wall main.c ./libcrypt.a -o exploit
```

## usage
```bash
./exploit <username> <password>
```

File Snapshot


 [4.0K]  /data/pocs/32b75fdaa5654dcbda84ad1b804fc605af5f93a0
├── [913K]  libcrypt.a
├── [1.0K]  LICENCE
├── [2.6K]  main.c
└── [ 934]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!