Cyber Posture

CVE-2024-55532

Critical

Published: 03 March 2025

Modified: 21 May 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0054 (67.8th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-55532 is a critical-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Apache Ranger. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 32.2% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly mitigates the CVE by requiring timely patching and upgrading Apache Ranger to version 2.6.0 as recommended by the vendor.

prevent (SI-15, Information Output Filtering): Filters and neutralizes formula elements in CSV export output to prevent injection of malicious formulas exploitable by remote attackers.

prevent (AC-3, Access Enforcement): Enforces access controls to block unauthenticated remote attackers from triggering the vulnerable Export CSV functionality.
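As an added illustration of the output-filtering control above (example code written for this entry, not Apache Ranger's own export code): a CSV export helper that neutralizes the formula triggers CWE-1236 describes, plus an audit function that flags cells in an existing export that still carry them. The sample rows, field names and the exemption for plain signed numbers are assumptions.

```python
import csv
import io
import re

# Leading characters a spreadsheet treats as the start of a formula (CWE-1236).
# Tab and carriage return are included because some applications skip leading
# whitespace before looking for '='.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")
# Plain signed numbers such as "-12" or "+3.5" are numeric literals, not formulas.
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")

def looks_like_formula(text):
    """True when the cell text would be evaluated rather than displayed."""
    return text.startswith(FORMULA_PREFIXES) and not PLAIN_NUMBER.fullmatch(text)

def neutralize_cell(value):
    """Prefix a formula-like cell with an apostrophe so it is stored as literal
    text; field quoting and doubling of embedded quotes is left to the writer."""
    text = "" if value is None else str(value)
    return "'" + text if looks_like_formula(text) else text

def export_csv(rows, fieldnames):
    """Serialize dict rows to CSV text with every field neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize_cell(row.get(k)) for k in fieldnames})
    return buf.getvalue()

def find_formula_cells(csv_text):
    """Audit an existing export: (row, column) of every cell that still starts
    with an unneutralized formula trigger."""
    return [(r, c)
            for r, record in enumerate(csv.reader(io.StringIO(csv_text)))
            for c, cell in enumerate(record) if looks_like_formula(cell)]

# Constructed sample rows shaped like a policy export; the description column
# carries benign formula-shaped text to exercise the neutralization.
SAMPLE_ROWS = [
    {"policy": "hdfs-reports", "path": "/data/reports", "description": "=1+1"},
    {"policy": "hive-sales", "path": "/warehouse/sales", "description": "+SUM(A1:A9)"},
    {"policy": "kafka-audit", "path": "audit-topic", "description": "@team, read only"},
    {"policy": "neg-count", "path": "/tmp", "description": -12},
]
FIELDS = ["policy", "path", "description"]
```

If the consumer of the export does not need negative values to stay numeric, drop the PLAIN_NUMBER exemption and prefix every cell that starts with a trigger character.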

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows remote unauthenticated attackers to exploit the Export CSV feature in the public-facing Apache Ranger web application, directly mapping to T1190 Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.

Deeper analysis

CVE-2024-55532 is an improper neutralization of formula elements vulnerability in the Export CSV feature of Apache Ranger versions prior to 2.6.0. Published on March 3, 2025, this flaw (mapped to CWE-1236) carries a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts across confidentiality, integrity, and availability.

Remote unauthenticated attackers can exploit this vulnerability over the network by triggering the Export CSV functionality, potentially leading to severe consequences such as unauthorized data access, modification, or disruption, as reflected in the high CVSS impact metrics (C:H/I:H/A:H) with unchanged scope.

Apache advisories recommend upgrading to Ranger version 2.6.0, which addresses the issue. Additional details are available in the Apache Ranger vulnerabilities wiki at https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger and the oss-security mailing list announcement at http://www.openwall.com/lists/oss-security/2025/03/03/2.

Details

CWE(s): CWE-1236 (Improper Neutralization of Formula Elements in a CSV File)

Affected Products: apache ranger, versions ≤ 2.6.0

CVEs Like This One

CVE-2025-59059 (same product: Apache Ranger)
CVE-2024-45479 (same product: Apache Ranger)
CVE-2026-31908 (same vendor: Apache)
CVE-2025-54466 (same vendor: Apache)
CVE-2026-40466 (same vendor: Apache)
CVE-2025-24783 (same vendor: Apache)
CVE-2026-24343 (same vendor: Apache)
CVE-2025-66614 (same vendor: Apache)
CVE-2026-29146 (same vendor: Apache)
CVE-2025-61622 (same vendor: Apache)
