CVE-2025-59060: Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch

March 3, 2026 (updated March 4, 2026)

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0.

Users are recommended to upgrade to version 2.8.0, which fixes this issue.

References

github.com/advisories/GHSA-5fvg-qwcp-r325
github.com/apache/ranger
lists.apache.org/thread/c4plx81z3xs86vgl3fd95y3q7hhtff05
nvd.nist.gov/vuln/detail/CVE-2025-59060

Code Behaviors & Features

Detect and mitigate CVE-2025-59060 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →