Apache Apisix elevation of privilege vulnerability (CNVD-2025-20873)

Apache Apisix is a cloud-native microservices API gateway service of the U.S. Apache Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . An elevation of privilege...

CVE-2025-27446

CVE-2025-27446 affects Apache APISIX (java-plugin-runner) from version 0.2.0 through 0.5.0. The root cause is improper permissions on a local listening file, enabling a local attacker to elevate privileges. The issue’s impact is high (local, user-privilege escalation with high confidentiality/int...

Apache Apisix 安全漏洞

Apache Apisix is a cloud-native microservices API gateway service of the U.S. Apache Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . An elevation of privilege...

PT-2025-28065 · Apache · Apache Apisix

Name of the Vulnerable Software and Affected Versions: Apache APISIXjava-plugin-runner versions 0.2.0 through 0.5.0 Description: The issue is related to incorrect permission assignment for critical resources in the Apache APISIX java-plugin-runner, allowing a local attacker to elevate privileges...