Apache APISIX Vulnerability Enables Cross-Issuer Access Under Misconfigurations
Posted: Sun Jul 06, 2025 3:14 pm
A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway.
This flaw, rated as important, could allow attackers to gain unauthorized access across different identity issuers under specific misconfigurations.
https://gbhackers.com/apache-apisix-vulnerability/
This flaw, rated as important, could allow attackers to gain unauthorized access across different identity issuers under specific misconfigurations.
https://gbhackers.com/apache-apisix-vulnerability/