CVE-2025-59059 — Vulnetix

CVE-2025-59059 PUBLISHED CVSS 9.300000190734863 CRITICAL

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

EPSS 0.10% · 27.6th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.10%

27.6th percentile

Affected Products

Vendor	Product	Versions
Apache Software Foundation	Apache Ranger	0, 0, 0
apache	ranger	0, 0, 0
Maven	org.apache.ranger:ranger-plugins-common	0, 0, 0

Timeline

Mar 2, 2026 PoC Published
Mar 3, 2026 CVE Published
Mar 3, 2026 EPSS Score
Mar 3, 2026 PoC Published
Mar 3, 2026 PoC Published
Mar 4, 2026 CVE Updated
Mar 4, 2026 EPSS Score
Mar 6, 2026 EPSS Score
Mar 7, 2026 EPSS Score
Mar 8, 2026 EPSS Score
Mar 9, 2026 EPSS Score
Mar 11, 2026 EPSS Score

References

https://lists.apache.org/thread/z47q86rho80390lf2qcmoc2josvs0gtv vendor-advisory
http://www.openwall.com/lists/oss-security/2026/03/02/5 url
https://nvd.nist.gov/vuln/detail/CVE-2025-59059 advisory
https://github.com/apache/ranger package

Open in Interactive Console →