Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
History

Tue, 08 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 06 Jul 2025 06:15:00 +0000

Type Values Removed Values Added
Description Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
Title Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges
Weaknesses CWE-732
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2025-07-06T06:05:15.144Z

Updated: 2025-07-11T03:55:32.760Z

Reserved: 2025-02-26T05:18:04.477Z

Link: CVE-2025-27446

cve-icon Vulnrichment

Updated: 2025-07-07T19:44:49.712Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-06T06:15:21.587

Modified: 2025-07-08T18:15:27.460

Link: CVE-2025-27446

cve-icon Redhat

No data.