9.8
Apache Ranger: Malicious code can run on your system
CVE-2025-59059
GHSA-c87w-642h-m97h
Summary
Apache Ranger versions up to and including 2.7.0 contain a remote code execution vulnerability in NashornScriptEngineCreator that can allow attackers to run unauthorized code on your system, potentially giving them control over your data. This is a serious risk, especially if the system handles sensitive or confidential information. To fix this, update to version 2.8.0 or later.
What to do
- Update apache org.apache.ranger:ranger-plugins-common to version 2.8.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| apache | org.apache.ranger:ranger-plugins-common | <= 2.8.0 | 2.8.0 |
| apache | ranger | <= 2.8.0 | – |
Original title
Apache Ranger has a Code Injection vulnerability
Original description
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0.
Users are recommended to upgrade to version 2.8.0, which fixes this issue.
nvd CVSS3.1
9.8
Vulnerability type
CWE-94
Code Injection
- https://lists.apache.org/thread/z47q86rho80390lf2qcmoc2josvs0gtv Mailing List Vendor Advisory
- http://www.openwall.com/lists/oss-security/2026/03/02/5 Mailing List Third Party Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-59059
- https://github.com/advisories/GHSA-c87w-642h-m97h
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026