CNNVD-202507-590 Information
CNNVD ID
CNNVD-202507-590
Related CVE
- CNNVD Published: 2025-07-06
Description (Chinese)
Apache Apisix是美国阿帕奇(Apache)基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现,具备动态路由和插件热加载,适合微服务体系下的 API 管理。 Apache Apisix(java-plugin-runner) 0.5.0及之前版本存在安全漏洞,该漏洞源于本地监听文件权限不当,可能导致权限提升。
Description (English)
Apache Apisix is a micro-service API gateway service of the Apache Foundation in the United States. The software is based on OpenResty and etcd and has dynamic routing and plugin heat loads that are suitable for API management under the microservice system. Apache Apisix (java-plugin-runner) has a security gap of 0.5.0 and previous versions, which stems from inappropriate local access to document listening, which may lead to an increase in access.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2025-07-06
Last Modified
2026-02-24
References
https://nvd.nist.gov/vuln/detail/CVE-2025-27446 https://access.redhat.com/security/cve/cve-2025-27446
Patch
https://apisix.apache.org/blog/
Share on: