Hostname Verification Bypass in Apache Ranger by Apache Software Foundation
CVE-2025-59060

Currently unrated

Key Information:

Vendor

Apache
Status
Apache Ranger
Vendor
CVE Published:
3 March 2026

What is CVE-2025-59060?

A hostname verification bypass vulnerability exists in Apache Ranger's NiFiRegistryClient and NiFiClient components, affecting versions up to 2.7.0. This flaw can potentially allow an attacker to exploit the system by taking advantage of inadequate hostname verification. Users are encouraged to upgrade to version 2.8.0, which addresses this issue and fortifies security against such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Ranger 0 <= 2.7.0

References

https://lists.apache.org/thread/c4plx81z3xs86vgl3fd95y3q7...
vendor-advisory

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nikita Markevich <markevich.nikita1@gmail.com>
JSON
.