CVE-2025-27446 Information
Jul 07, 2025
cve
Description
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).
Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0.
Users are recommended to upgrade to version 0.6.0 or higher which fixes the issue.
Reference
https://lists.apache.org/thread/qwxnxolt0j5nvjfpr0mlz6h7nrtvyzng
Related CNNVD
CNNVD-202507-590 (Published: 2025-07-06)
Share on: