
We found results for “”
CVE-2025-27446
Good to know:


Date: July 6, 2025
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
Severity Score
Severity Score
Weakness Type (CWE)
Incorrect Permission Assignment for Critical Resource
CWE-732Top Fix

Upgrade Version
Upgrade to version org.apache.apisix:apisix-runner-core:0.6.0;https://github.com/apache/apisix-java-plugin-runner.git - 0.6.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |