Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).
Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges.
This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0.
Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
References
| Link | Resource |
|---|---|
| https://lists.apache.org/thread/qwxnxolt0j5nvjfpr0mlz6h7nrtvyzng | Mailing List Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2025/07/06/1 | |
| http://www.openwall.com/lists/oss-security/2025/07/07/1 |
Configurations
History
No history.
Information
Published : 2025-07-06 06:15
Updated : 2025-11-04 22:16
NVD link : CVE-2025-27446
Mitre link : CVE-2025-27446
CVE.ORG link : CVE-2025-27446
JSON object : View
Products Affected
apache
- apisix
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource