Sign In

CVE-2025-59059

ADVISORY - github

Summary

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0.

Users are recommended to upgrade to version 2.8.0, which fixes this issue.

EPSS Score: 0.00097 (0.264)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-94

Improper Control of Generation of Code ('Code Injection')

ADVISORY - github

CWE-94

Improper Control of Generation of Code ('Code Injection')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2025-59059
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-94

CVSS SCORE

9.8critical

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-c87w-642h-m97h
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-94

CVSS SCORE

9.8critical

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2025-59059
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-87r2-j583-xhxf

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY