Apache APISIX Vulnerability Enables Cross-Issuer Access Under Misconfigurations

Post by Shane1145 »

A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway.

This flaw, rated as important, could allow attackers to gain unauthorized access across different identity issuers under specific misconfigurations.


https://gbhackers.com/apache-apisix-vulnerability/