2
1
1
0
Vulnerability Timeline
2 vulnerabilities discovered over time for Ranger
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2025-59060 | 5.3 | This vulnerability allows an attacker to impersonate a trusted server by bypassing hostname verification in Apache Ranger, which could lead to unauthorized access to sensitive data. It affects versions 2.7.0 and earlier, so users should upgrade to version 2.8.0 to protect against this risk. | apacheranger | Exploit Available | about 1 month agoMar 3, 2026 |
| CVE-2025-59059 | 9.8 | This vulnerability allows an attacker to execute malicious code remotely on systems running Apache Ranger versions 2.7.0 or earlier. To exploit this, the attacker needs access to the Ranger service, which could happen if the service is exposed to the internet or accessible on an internal network. | apacheranger | Theoretical | about 1 month agoMar 3, 2026 |
About Apache Ranger Security
This page provides comprehensive security vulnerability tracking for Apache Ranger. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Ranger updated to the latest version
- • Subscribe to security advisories from Apache
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately