CNNVD-202507-135 Information

CNNVD ID

CNNVD-202507-135

Related CVE

CVE-2025-46647

• CNNVD Published: 2025-07-02

Description (Chinese)

Apache Apisix是美国阿帕奇（Apache）基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现，具备动态路由和插件热加载，适合微服务体系下的 API 管理。 Apache Apisix 3.12.0之前版本存在安全漏洞，该漏洞源于openid-connect插件在特定条件下可能允许跨发行者登录。

Description (English)

Apache Apisix is a micro-service API gateway service of the Apache Foundation in the United States. The software is based on OpenResty and etcd and has dynamic routing and plugin heat loads that are suitable for API management under the microservice system. There was a security loophole in the pre-Apache Apisix 3.12.0, which originated from the possibility that cross-issuers might be allowed to log in under certain conditions.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-07-02

Last Modified

2026-02-24

References

https://lists.apache.org/thread/yrpp2cd3o4qkxlrh421mq8gsrt0k4x0w

Patch

https://apisix.apache.org/downloads/