CVE-2025-27446
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/07/2025
Last modified:
06/07/2025
Description
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).<br />
<br />
Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges.<br />
This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0.<br />
<br />
Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.