{"schema_version": "1.6.1", "id": "CVE-2025-27446", "summary": "Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges", "details": "Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).\n\nLocal listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges.\nThis issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0.\n\nUsers are recommended to upgrade to version 0.6.0 or higher, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0.2.0"}, {"last_affected": "0.2.0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/qwxnxolt0j5nvjfpr0mlz6h7nrtvyzng"}]}