Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).
Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges.
This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0.
Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Tue, 08 Jul 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Sun, 06 Jul 2025 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue. | |
Title | Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges | |
Weaknesses | CWE-732 | |
References |
|

Status: PUBLISHED
Assigner: apache
Published: 2025-07-06T06:05:15.144Z
Updated: 2025-07-11T03:55:32.760Z
Reserved: 2025-02-26T05:18:04.477Z
Link: CVE-2025-27446

Updated: 2025-07-07T19:44:49.712Z

Status : Awaiting Analysis
Published: 2025-07-06T06:15:21.587
Modified: 2025-07-08T18:15:27.460
Link: CVE-2025-27446

No data.