CVE-2025-27446

Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges

Description

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.

INFO

Published Date :

2025-07-06T06:05:15.144Z

Last Modified :

2025-07-06T06:05:15.144Z

Source :

apache

AFFECTED PRODUCTS

The following products are affected by CVE-2025-27446 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27446.

URL	Resource
https://lists.apache.org/thread/qwxnxolt0j5nvjfpr0mlz6h7nrtvyzng

CVE-2025-27446

Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges

Description

INFO

2025-07-06T06:05:15.144Z

2025-07-06T06:05:15.144Z

apache

AFFECTED PRODUCTS

REFERENCES

CVSS Vulnerability Scoring System