Home Embedded Vulns General Vulns

CVE-2025-27446

HIGH 7.8

Our Analysis: General-Purpose

Our model has classified this vulnerability as relevant to General-Purpose Systems, helping your team prioritize efforts effectively.

Published Date July 6, 2025
Last Modified July 14, 2025
CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).

Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges.
This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0.

Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.

Potentially Affected Vendors

apache