Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).
Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0.
Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27446.json",
"cna_assigner": "apache",
"cwe_ids": [
"CWE-732"
]
}