CVE-2025-27446
published 2025-07-06CVE-2025-27446: Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).
Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges.
This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0.
Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | apisix | 0.2 – 0.5 | — |
| apache_software_foundation | apache_apisix_java_plugin_runner | 0.2.0 – 0.5.0 | — |
| msrc | cbl2_mariadb_10.6.9-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_mariadb_10.3.36-1_on_cbl_mariner_1.0 | — | — |