https://blog.qife122.com/tags/facebook-below/ Recent content in Facebook Below on 办公AI智能小助手 Hugo zh-cn qife Sat, 13 Sep 2025 10:23:58 +0800 https://blog.qife122.com/p/facebook-below%E7%BB%84%E4%BB%B6%E5%85%B3%E9%94%AE%E8%B5%84%E6%BA%90%E6%9D%83%E9%99%90%E5%88%86%E9%85%8D%E4%B8%8D%E5%BD%93%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E8%AF%A6%E8%A7%A3cve-2025-27591/ Sat, 13 Sep 2025 10:23:58 +0800 https://blog.qife122.com/p/facebook-below%E7%BB%84%E4%BB%B6%E5%85%B3%E9%94%AE%E8%B5%84%E6%BA%90%E6%9D%83%E9%99%90%E5%88%86%E9%85%8D%E4%B8%8D%E5%BD%93%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E8%AF%A6%E8%A7%A3cve-2025-27591/ <h2 id="漏洞利用facebook-below关键资源权限分配不当cve-2025-27591">漏洞利用：Facebook Below关键资源权限分配不当（CVE-2025-27591）</h2> <p>2025-07-16 | CVSS 6.8</p> <h2 id="概念验证proof-of-concept">概念验证（Proof-Of-Concept）</h2> <h3 id="使用方法">使用方法</h3> <ol> <li>构建漏洞利用程序</li> </ol> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">go build -o poc exploit.go </span></span></code></pre></td></tr></table> </div> </div><ol start="2"> <li>将生成的二进制文件移动到目标机器</li> </ol> <h2 id="参考链接">参考链接</h2> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-27591">https://nvd.nist.gov/vuln/detail/CVE-2025-27591</a><br> <a href="https://access.redhat.com/security/cve/cve-2025-27591">https://access.redhat.com/security/cve/cve-2025-27591</a><br> <a href="https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3">https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3</a><br> <a href="https://github.com/BridgerAlderson/CVE-2025-27591-PoC/tree/main">https://github.com/BridgerAlderson/CVE-2025-27591-PoC/tree/main</a></p>