CVE-2025-59059: Apache Ranger has a Code Injection vulnerability
(updated )
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0.
Users are recommended to upgrade to version 2.8.0, which fixes this issue.
References
Code Behaviors & Features
Detect and mitigate CVE-2025-59059 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →