Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-27446

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.

Published

2025-07-06T06:15:21.587

Last Modified

2025-07-14T18:10:20.817

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	apisix	≤ 0.5	Yes

References

https://lists.apache.org/thread/qwxnxolt0j5nvjfpr0mlz6h7nrtvyzng Mailing List, Vendor Advisory ([email protected])