CVE-2025-27446

Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges.This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are r...

CVE-2025-46647

A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: Use the openid-connect plugin with introspection mode The auth service connected to openid-connect provides services to multiple issuers Multiple issuer...