CVE-2025-59060 Apache — Exploit & Vulnerability Details MEDIUM

CVE-2025-59060

MEDIUM CVSS 3.1: 5.3 EPSS 0.09%

Parameter	Value
CVSS	5.3 (MEDIUM)
Fixed In	2.8.0
Type	CWE-297
Vendor	Apache
Public PoC	No

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

Low

Частичная утечка данных

Integrity

None

Нет модификации данных

Availability

None

Нет нарушения работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-297

References 2

https://lists.apache.org/thread/c4plx81z3xs86vgl3fd95y3q7hhtff05

security@apache.org

http://www.openwall.com/lists/oss-security/2026/03/02/4

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-40931

Apache

9.1

CVE-2026-27446

Apache

9.3

CVE-2025-59059

Apache

9.8

CVE-2025-40932

Apache

8.2

CVE-2026-27636

Apache

8.8

Menu

CVE-2025-59060

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2025-40931

CVE-2026-27446

CVE-2025-59059

CVE-2025-40932

CVE-2026-27636

CVE Details

Editor's Choice