CVE-2025-59059 Apache — Exploit & Vulnerability Details CRITICAL

CVE-2025-59059

CRITICAL CVSS 3.1: 9.8 EPSS 0.32%

Parameter	Value
CVSS	9.8 (CRITICAL)
Fixed In	2.8.0
Type	CWE-94 (Code Injection (Внедрение кода))
Vendor	Apache
Public PoC	No

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

High

Полная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-94 Code Injection (Внедрение кода)

References 2

https://lists.apache.org/thread/z47q86rho80390lf2qcmoc2josvs0gtv

security@apache.org

http://www.openwall.com/lists/oss-security/2026/03/02/5

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-40931

Apache

9.1

CVE-2026-27446

Apache

9.3

CVE-2025-59060

Apache

5.3

CVE-2025-40932

Apache

8.2

CVE-2026-27636

Apache

8.8

Menu

CVE-2025-59059

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2025-40931

CVE-2026-27446

CVE-2025-59060

CVE-2025-40932

CVE-2026-27636

CVE Details

Editor's Choice