CVE-2025-59059 PUBLISHED

Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator

Assigner: apache
Reserved: 08.09.2025
Published: 03.03.2026
Updated: 03.03.2026

A remote code execution vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

Product Status

Vendor Apache Software Foundation
Product Apache Ranger
Versions Default: unaffected
  • affected from 0 to 2.7.0 (incl.)

Credits

  • chengtianyi <chengtianyi@huawei.com> finder

Problem Types

  • CWE-94 Improper Control of Generation of Code ('Code Injection')