Apache APISIX Vulnerability Enables Cross-Issuer Access Under Misconfigurations

A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway.

This flaw, rated as important, could…