CVE-2025-59059
Remote Code Execution in Apache Ranger NashornScriptEngineCreator
Publication date: 2026-03-03
Last updated on: 2026-03-05
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | ranger | to 2.8.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This Remote Code Execution vulnerability can allow attackers to run malicious code on your system remotely.
Such an exploit can lead to unauthorized access, data theft, system compromise, or disruption of services.
If exploited, it could severely impact the security and integrity of your environment.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the Remote Code Execution vulnerability in NashornScriptEngineCreator in Apache Ranger, users are recommended to upgrade Apache Ranger to version 2.8.0, which contains the fix for this issue.
Can you explain this vulnerability to me?
This vulnerability is a Remote Code Execution (RCE) issue found in the NashornScriptEngineCreator component of Apache Ranger versions up to and including 2.7.0.
It allows an attacker to execute arbitrary code remotely, potentially compromising the affected system.
The issue is fixed in Apache Ranger version 2.8.0, and users are recommended to upgrade to this version to mitigate the vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know