Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access

July 3, 2025

Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access

Apache APISIX, a high-performance and AI-ready API gateway trusted for managing traffic across microservices and LLM-based applications, has been found vulnerable to a token issuer validation flaw in …

Published Date:
Jul 04, 2025 (3 hours, 42 minutes ago)

Vulnerabilities has been mentioned in this article.

Source: Read More

Previous ArticleAnthropic MCP Server Flaws: Path Traversal & Symlink Attacks Allow RCE

Next Article Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

Highlights

CVE-2025-32960 – CUBA REST API Cross-Site Scripting (XSS)

April 22, 2025

CVE ID : CVE-2025-32960

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 7.2.7. A workaround is provided on the Jmix documentation website.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Stop writing tests: Automate fully with Generative AI

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Black Duck Security GitHub App, NuGet MCP Server preview, and more – Daily News Digest

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

This new Coros watch has 3 weeks of battery life and tracks way more – even fly fishing

5 ways automation can speed up your daily workflow – and implementation is easy

This new C-suite role is more important than ever in the AI era – here’s why

iPhone users may finally be able to send encrypted texts to Android friends with iOS 26

Creating Dynamic Real-Time Features with Laravel Broadcasting

Creating Dynamic Real-Time Features with Laravel Broadcasting

Understanding Tailwind CSS Safelist: Keep Your Dynamic Classes Safe!

Sitecore’s Content SDK: Everything You Need to Know

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Microsoft admits it broke “Reset this PC” in Windows 11 23H2 KB5063875, Windows 10 KB5063709

How to Fix “EA AntiCheat Has Detected an Incompatible Driver” on Windows 11?

Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access

Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access

Investors beware: AI-powered financial scams swamp social media

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

Google is intentionally throttling YouTube videos, slowing down users with ad blockers

Plotly brings vibe coding to visual data app development

CVE-2025-52934 – Apache HTTP Server Missing Configuration

Dynatrace Live Debugger, Mistral Agents API, and more – SD Times Daily Digest

CVE-2025-32960 – CUBA REST API Cross-Site Scripting (XSS)

Best Buy will give you our favorite Sony Bravia TV for free when you buy another – here’s what to know

CVE-2025-54232 – Adobe Framemaker Use After Free Vulnerability

Customize Logseq With Themes and Plugins

Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access

Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access

Related Posts