CVE-2025-46647— Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-46647
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect provides services to multiple issuers 3. Multiple issuers share the same private key and relies only on the issuer being different If affected by this vulnerability, it would allow an attacker with a valid account on one of the issuers to log into the other issuer. This issue affects Apache APISIX: until 3.12.0. Users are recommended to upgrade to version 3.12.0 or higher.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用假设不可变数据进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Apisix 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Apisix是美国阿帕奇(Apache)基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现,具备动态路由和插件热加载,适合微服务体系下的 API 管理。 Apache Apisix 3.12.0之前版本存在安全漏洞,该漏洞源于openid-connect插件在特定条件下可能允许跨发行者登录。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache APISIX | 0 ~ 3.12.0 | - |
II. Public POCs for CVE-2025-46647
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-46647
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: Apache APISIX
- CVE-2026-31923
Apache APISIX: Openid-connect `tls_verify` field is disabled - CVE-2026-31924
Apache APISIX: Plugin tencent-cloud-cls log export uses plai - CVE-2026-31908
Apache APISIX: forward auth plugin allows header injection - CVE-2025-62232
Apache APISIX: basic-auth logs plaintext credentials at info - CVE-2024-32638
Apache APISIX: Forward-Auth Request Smuggling
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-302
- CVE-2026-28510
elabftw allows MFA bypass during login - CVE-2026-27840
ZITADEL's truncated opaque tokens are still valid - CVE-2024-45370
Socomec Easy Config System 安全漏洞 - CVE-2025-47158
Azure DevOps Server Elevation of Privilege Vulnerability - CVE-2025-20285
Cisco Identity Services Engine IP Filter Access Restriction
V. Comments for CVE-2025-46647
No comments yet