CVE-2025-27446
BaseFortify

Publication date: 2025-07-06

Last updated on: 2025-11-04

Assigner: Apache Software Foundation

Description
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX (java-plugin-runner). Local listening file permissions in the APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX (java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
Meta Information
Published: 2025-07-06
Last Modified: 2025-11-04
Generated: 2026-05-07
AI Q&A: 2025-07-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
apache | apisix | From 0.2 (inc) to 0.5 (inc)
CWE ID | Description
CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Incorrect Permission Assignment for a Critical Resource in the Apache APISIX java-plugin-runner. Specifically, local listening file permissions are set incorrectly, which allows a local attacker to elevate their privileges on the system.


How can this vulnerability impact me?

The vulnerability can allow a local attacker to gain elevated privileges, potentially leading to unauthorized access or control over the affected system running Apache APISIX java-plugin-runner versions 0.2.0 through 0.5.0.


What immediate steps should I take to mitigate this vulnerability?

Users are recommended to upgrade Apache APISIX (java-plugin-runner) to version 0.6.0 or higher, which fixes the issue.

