CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-27446

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.8%

CVSS Severity

CVSS v3 Score 7.8

References

https://lists.apache.org/thread/qwxnxolt0j5nvjfpr0mlz6h7nrtvyzng

Products affected by CVE-2025-27446

Apache » Apisix » Version: 0.2

cpe:2.3:a:apache:apisix:0.2
Apache » Apisix » Version: 0.3

cpe:2.3:a:apache:apisix:0.3
Apache » Apisix » Version: 0.3-1

cpe:2.3:a:apache:apisix:0.3-1
Apache » Apisix » Version: 0.4.1

cpe:2.3:a:apache:apisix:0.4.1
Apache » Apisix » Version: 0.5

cpe:2.3:a:apache:apisix:0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-27446

Products

Pricing

Contact Us