diff --git a/src/main/java/io/github/guacsec/trustifyda/providers/JavaMavenProvider.java b/src/main/java/io/github/guacsec/trustifyda/providers/JavaMavenProvider.java
index da01e03b..7b798b33 100644
--- a/src/main/java/io/github/guacsec/trustifyda/providers/JavaMavenProvider.java
+++ b/src/main/java/io/github/guacsec/trustifyda/providers/JavaMavenProvider.java
@@ -36,6 +36,7 @@
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -228,6 +229,7 @@ private Content generateSbomFromEffectivePom() throws IOException {
             .filter(DependencyAggregator::isTestDependency)
             .collect(Collectors.toSet());
     var deps = getDependencies(tmpEffPom);
+    deps = resolveVersionRanges(deps);
     var sbom = SbomFactory.newInstance().addRoot(getRoot(tmpEffPom), readLicenseFromManifest());
     deps.stream()
         .filter(dep -> !testsDeps.contains(dep))
@@ -239,6 +241,82 @@ private Content generateSbomFromEffectivePom() throws IOException {
     return new Content(sbom.getAsJsonString().getBytes(), Api.CYCLONEDX_MEDIA_TYPE);
   }
 
+  /**
+   * Checks whether the given version string is a Maven version range expression (starts with '[' or
+   * '(').
+   */
+  private static boolean isVersionRange(String version) {
+    if (version == null || version.isEmpty()) return false;
+    char first = version.charAt(0);
+    return first == '[' || first == '(';
+  }
+
+  /**
+   * Resolves Maven version ranges by running the dependency tree plugin and replacing range
+   * expressions with concrete resolved versions. If no version ranges are present, the original
+   * list is returned unchanged. On failure, the original list is returned with a warning logged.
+   */
+  private List<DependencyAggregator> resolveVersionRanges(List<DependencyAggregator> deps)
+      throws IOException {
+    // Short-circuit: if no dep has a version range, return unchanged
+    boolean hasRanges = deps.stream().anyMatch(d -> isVersionRange(d.version));
+    if (!hasRanges) {
+      return deps;
+    }
+
+    Path tmpFile = Files.createTempFile("TRUSTIFY_DA_range_tree_", ".txt");
+    try {
+      var cmd =
+          buildMvnCommandArgs(
+              "org.apache.maven.plugins:maven-dependency-plugin:3.6.0:tree",
+              "-Dscope=compile",
+              "-DoutputType=text",
+              String.format("-DoutputFile=%s", tmpFile.toString()),
+              "-f",
+              manifestPath.toString(),
+              "--batch-mode",
+              "-q");
+      Operations.runProcess(manifestPath.getParent(), cmd.toArray(String[]::new), getMvnExecEnvs());
+
+      // Read the dependency tree output and build a lookup map of resolved versions
+      List<String> lines = Files.readAllLines(tmpFile);
+      Map<String, String> resolvedVersions = new HashMap<>();
+      for (String line : lines) {
+        if (getDepth(line) == 1) {
+          DependencyAggregator resolved = parseDep(line);
+          resolvedVersions.put(resolved.groupId + ":" + resolved.artifactId, resolved.version);
+        }
+      }
+
+      // Replace version ranges with resolved concrete versions
+      for (DependencyAggregator dep : deps) {
+        if (isVersionRange(dep.version)) {
+          String key = dep.groupId + ":" + dep.artifactId;
+          String resolved = resolvedVersions.get(key);
+          if (resolved != null) {
+            if (debugLoggingIsNeeded()) {
+              log.info(
+                  String.format(
+                      "Resolved version range for %s: %s -> %s", key, dep.version, resolved));
+            }
+            dep.version = resolved;
+          }
+        }
+      }
+    } catch (Exception e) {
+      log.warning(
+          String.format(
+              "Failed to resolve version ranges via dependency tree, "
+                  + "using original versions: %s",
+              e.getMessage()));
+      return deps;
+    } finally {
+      Files.deleteIfExists(tmpFile);
+    }
+
+    return deps;
+  }
+
   private PackageURL getRoot(final Path manifestPath) throws IOException {
     XMLStreamReader reader = null;
     try {
diff --git a/src/test/java/io/github/guacsec/trustifyda/providers/Java_Maven_Provider_Test.java b/src/test/java/io/github/guacsec/trustifyda/providers/Java_Maven_Provider_Test.java
index ed70a06d..22e21060 100644
--- a/src/test/java/io/github/guacsec/trustifyda/providers/Java_Maven_Provider_Test.java
+++ b/src/test/java/io/github/guacsec/trustifyda/providers/Java_Maven_Provider_Test.java
@@ -56,7 +56,8 @@ static Stream<String> testFolders() {
         "deps_with_ignore_on_version",
         "deps_with_ignore_on_wrong",
         "deps_with_no_ignore",
-        "pom_deps_with_no_ignore_common_paths");
+        "pom_deps_with_no_ignore_common_paths",
+        "deps_with_version_range");
   }
 
   @ParameterizedTest
@@ -143,12 +144,29 @@ void test_the_provideComponent(String testFolder) throws IOException {
             getClass(), String.format("tst_manifests/maven/%s/effectivePom.xml", testFolder))) {
       effectivePom = new String(is.readAllBytes());
     }
+
+    String depTree;
+    try (var is =
+        getResourceAsStreamDecision(
+            getClass(), String.format("tst_manifests/maven/%s/depTree.txt", testFolder))) {
+      depTree = new String(is.readAllBytes());
+    }
+
     try (MockedStatic<Operations> mockedOperations = mockStatic(Operations.class)) {
       mockedOperations
           .when(() -> Operations.runProcess(any(), any(), any()))
           .thenAnswer(
-              invocationOnMock ->
-                  getOutputFileAndOverwriteItWithMock(effectivePom, invocationOnMock, "-Doutput"));
+              invocationOnMock -> {
+                String result =
+                    getOutputFileAndOverwriteItWithMock(
+                        effectivePom, invocationOnMock, "-Doutput=");
+                if (result == null) {
+                  result =
+                      getOutputFileAndOverwriteItWithMock(
+                          depTree, invocationOnMock, "-DoutputFile");
+                }
+                return result;
+              });
       // Mock Operations.getCustomPathOrElse to return "mvn"
       mockedOperations.when(() -> Operations.getCustomPathOrElse(anyString())).thenReturn("mvn");
       mockedOperations
@@ -189,12 +207,29 @@ void test_the_provideComponent_With_Path(String testFolder) throws IOException {
             getClass(), String.format("tst_manifests/maven/%s/effectivePom.xml", testFolder))) {
       effectivePom = new String(is.readAllBytes());
     }
+
+    String depTree;
+    try (var is =
+        getResourceAsStreamDecision(
+            getClass(), String.format("tst_manifests/maven/%s/depTree.txt", testFolder))) {
+      depTree = new String(is.readAllBytes());
+    }
+
     try (MockedStatic<Operations> mockedOperations = mockStatic(Operations.class)) {
       mockedOperations
           .when(() -> Operations.runProcess(any(), any(), any()))
           .thenAnswer(
-              invocationOnMock ->
-                  getOutputFileAndOverwriteItWithMock(effectivePom, invocationOnMock, "-Doutput"));
+              invocationOnMock -> {
+                String result =
+                    getOutputFileAndOverwriteItWithMock(
+                        effectivePom, invocationOnMock, "-Doutput=");
+                if (result == null) {
+                  result =
+                      getOutputFileAndOverwriteItWithMock(
+                          depTree, invocationOnMock, "-DoutputFile");
+                }
+                return result;
+              });
       // Mock Operations.getCustomPathOrElse to return "mvn"
       mockedOperations.when(() -> Operations.getCustomPathOrElse(anyString())).thenReturn("mvn");
       mockedOperations
diff --git a/src/test/resources/tst_manifests/maven/deps_with_version_range/depTree.txt b/src/test/resources/tst_manifests/maven/deps_with_version_range/depTree.txt
new file mode 100644
index 00000000..761020ff
--- /dev/null
+++ b/src/test/resources/tst_manifests/maven/deps_with_version_range/depTree.txt
@@ -0,0 +1,3 @@
+pom-with-deps-version-range:pom-with-version-range-for-tests:jar:0.0.1
++- log4j:log4j:jar:1.2.17:compile
+\- org.xerial.snappy:snappy-java:jar:1.1.10.0:compile
diff --git a/src/test/resources/tst_manifests/maven/deps_with_version_range/effectivePom.xml b/src/test/resources/tst_manifests/maven/deps_with_version_range/effectivePom.xml
new file mode 100644
index 00000000..15f020c9
--- /dev/null
+++ b/src/test/resources/tst_manifests/maven/deps_with_version_range/effectivePom.xml
@@ -0,0 +1,252 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ====================================================================== -->
+<!--                                                                        -->
+<!-- Generated by Maven Help Plugin                                         -->
+<!-- See: https://maven.apache.org/plugins/maven-help-plugin/               -->
+<!--                                                                        -->
+<!-- ====================================================================== -->
+<!-- ====================================================================== -->
+<!--                                                                        -->
+<!-- Effective POM for project                                              -->
+<!-- 'pom-with-deps-version-range:pom-with-version-range-for-tests:jar:0.0.1' -->
+<!--                                                                        -->
+<!-- ====================================================================== -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>pom-with-deps-version-range</groupId>
+  <artifactId>pom-with-version-range-for-tests</artifactId>
+  <version>0.0.1</version>
+  <dependencies>
+    <dependency>
+      <groupId>log4j</groupId>
+      <artifactId>log4j</artifactId>
+      <version>[1.2.17,1.3.0)</version>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.xerial.snappy</groupId>
+      <artifactId>snappy-java</artifactId>
+      <version>1.1.10.0</version>
+      <scope>compile</scope>
+    </dependency>
+  </dependencies>
+  <repositories>
+    <repository>
+      <snapshots>
+        <enabled>false</enabled>
+      </snapshots>
+      <id>central</id>
+      <name>Central Repository</name>
+      <url>https://repo.maven.apache.org/maven2</url>
+    </repository>
+  </repositories>
+  <pluginRepositories>
+    <pluginRepository>
+      <releases>
+        <updatePolicy>never</updatePolicy>
+      </releases>
+      <snapshots>
+        <enabled>false</enabled>
+      </snapshots>
+      <id>central</id>
+      <name>Central Repository</name>
+      <url>https://repo.maven.apache.org/maven2</url>
+    </pluginRepository>
+  </pluginRepositories>
+  <build>
+    <sourceDirectory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/src/main/java</sourceDirectory>
+    <scriptSourceDirectory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/src/main/scripts</scriptSourceDirectory>
+    <testSourceDirectory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/src/test/java</testSourceDirectory>
+    <outputDirectory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/target/classes</outputDirectory>
+    <testOutputDirectory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/target/test-classes</testOutputDirectory>
+    <resources>
+      <resource>
+        <directory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/src/main/resources</directory>
+      </resource>
+    </resources>
+    <testResources>
+      <testResource>
+        <directory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/src/test/resources</directory>
+      </testResource>
+    </testResources>
+    <directory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/target</directory>
+    <finalName>pom-with-version-range-for-tests-0.0.1</finalName>
+    <pluginManagement>
+      <plugins>
+        <plugin>
+          <artifactId>maven-antrun-plugin</artifactId>
+          <version>1.3</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-assembly-plugin</artifactId>
+          <version>2.2-beta-5</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-dependency-plugin</artifactId>
+          <version>2.8</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-release-plugin</artifactId>
+          <version>2.5.3</version>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+    <plugins>
+      <plugin>
+        <artifactId>maven-clean-plugin</artifactId>
+        <version>2.5</version>
+        <executions>
+          <execution>
+            <id>default-clean</id>
+            <phase>clean</phase>
+            <goals>
+              <goal>clean</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <artifactId>maven-resources-plugin</artifactId>
+        <version>2.6</version>
+        <executions>
+          <execution>
+            <id>default-testResources</id>
+            <phase>process-test-resources</phase>
+            <goals>
+              <goal>testResources</goal>
+            </goals>
+          </execution>
+          <execution>
+            <id>default-resources</id>
+            <phase>process-resources</phase>
+            <goals>
+              <goal>resources</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.4</version>
+        <executions>
+          <execution>
+            <id>default-jar</id>
+            <phase>package</phase>
+            <goals>
+              <goal>jar</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.1</version>
+        <executions>
+          <execution>
+            <id>default-compile</id>
+            <phase>compile</phase>
+            <goals>
+              <goal>compile</goal>
+            </goals>
+          </execution>
+          <execution>
+            <id>default-testCompile</id>
+            <phase>test-compile</phase>
+            <goals>
+              <goal>testCompile</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>2.12.4</version>
+        <executions>
+          <execution>
+            <id>default-test</id>
+            <phase>test</phase>
+            <goals>
+              <goal>test</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <artifactId>maven-install-plugin</artifactId>
+        <version>2.4</version>
+        <executions>
+          <execution>
+            <id>default-install</id>
+            <phase>install</phase>
+            <goals>
+              <goal>install</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <artifactId>maven-deploy-plugin</artifactId>
+        <version>2.7</version>
+        <executions>
+          <execution>
+            <id>default-deploy</id>
+            <phase>deploy</phase>
+            <goals>
+              <goal>deploy</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <artifactId>maven-site-plugin</artifactId>
+        <version>3.3</version>
+        <executions>
+          <execution>
+            <id>default-site</id>
+            <phase>site</phase>
+            <goals>
+              <goal>site</goal>
+            </goals>
+            <configuration>
+              <outputDirectory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/target/site</outputDirectory>
+              <reportPlugins>
+                <reportPlugin>
+                  <groupId>org.apache.maven.plugins</groupId>
+                  <artifactId>maven-project-info-reports-plugin</artifactId>
+                </reportPlugin>
+              </reportPlugins>
+            </configuration>
+          </execution>
+          <execution>
+            <id>default-deploy</id>
+            <phase>site-deploy</phase>
+            <goals>
+              <goal>deploy</goal>
+            </goals>
+            <configuration>
+              <outputDirectory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/target/site</outputDirectory>
+              <reportPlugins>
+                <reportPlugin>
+                  <groupId>org.apache.maven.plugins</groupId>
+                  <artifactId>maven-project-info-reports-plugin</artifactId>
+                </reportPlugin>
+              </reportPlugins>
+            </configuration>
+          </execution>
+        </executions>
+        <configuration>
+          <outputDirectory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/target/site</outputDirectory>
+          <reportPlugins>
+            <reportPlugin>
+              <groupId>org.apache.maven.plugins</groupId>
+              <artifactId>maven-project-info-reports-plugin</artifactId>
+            </reportPlugin>
+          </reportPlugins>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+  <reporting>
+    <outputDirectory>/home/zgrinber/git/trustify-da-java-client/src/test/resources/tst_manifests/maven/deps_with_version_range/target/site</outputDirectory>
+  </reporting>
+</project>
diff --git a/src/test/resources/tst_manifests/maven/deps_with_version_range/expected_component_sbom.json b/src/test/resources/tst_manifests/maven/deps_with_version_range/expected_component_sbom.json
new file mode 100644
index 00000000..753f4abe
--- /dev/null
+++ b/src/test/resources/tst_manifests/maven/deps_with_version_range/expected_component_sbom.json
@@ -0,0 +1,51 @@
+{
+  "bomFormat" : "CycloneDX",
+  "specVersion" : "1.4",
+  "version" : 1,
+  "metadata" : {
+    "timestamp" : "2025-04-09T12:15:45Z",
+    "component" : {
+      "type" : "application",
+      "bom-ref" : "pkg:maven/pom-with-deps-version-range/pom-with-version-range-for-tests@0.0.1",
+      "group" : "pom-with-deps-version-range",
+      "name" : "pom-with-version-range-for-tests",
+      "version" : "0.0.1",
+      "purl" : "pkg:maven/pom-with-deps-version-range/pom-with-version-range-for-tests@0.0.1"
+    }
+  },
+  "components" : [
+    {
+      "type" : "library",
+      "bom-ref" : "pkg:maven/log4j/log4j@1.2.17",
+      "group" : "log4j",
+      "name" : "log4j",
+      "version" : "1.2.17",
+      "purl" : "pkg:maven/log4j/log4j@1.2.17"
+    },
+    {
+      "type" : "library",
+      "bom-ref" : "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.0",
+      "group" : "org.xerial.snappy",
+      "name" : "snappy-java",
+      "version" : "1.1.10.0",
+      "purl" : "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.0"
+    }
+  ],
+  "dependencies" : [
+    {
+      "ref" : "pkg:maven/pom-with-deps-version-range/pom-with-version-range-for-tests@0.0.1",
+      "dependsOn" : [
+        "pkg:maven/log4j/log4j@1.2.17",
+        "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.0"
+      ]
+    },
+    {
+      "ref" : "pkg:maven/log4j/log4j@1.2.17",
+      "dependsOn" : [ ]
+    },
+    {
+      "ref" : "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.0",
+      "dependsOn" : [ ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/src/test/resources/tst_manifests/maven/deps_with_version_range/expected_stack_sbom.json b/src/test/resources/tst_manifests/maven/deps_with_version_range/expected_stack_sbom.json
new file mode 100644
index 00000000..fc3489fb
--- /dev/null
+++ b/src/test/resources/tst_manifests/maven/deps_with_version_range/expected_stack_sbom.json
@@ -0,0 +1,51 @@
+{
+  "bomFormat" : "CycloneDX",
+  "specVersion" : "1.4",
+  "version" : 1,
+  "metadata" : {
+    "timestamp" : "2025-04-09T12:14:35Z",
+    "component" : {
+      "type" : "application",
+      "bom-ref" : "pkg:maven/pom-with-deps-version-range/pom-with-version-range-for-tests@0.0.1",
+      "group" : "pom-with-deps-version-range",
+      "name" : "pom-with-version-range-for-tests",
+      "version" : "0.0.1",
+      "purl" : "pkg:maven/pom-with-deps-version-range/pom-with-version-range-for-tests@0.0.1"
+    }
+  },
+  "components" : [
+    {
+      "type" : "library",
+      "bom-ref" : "pkg:maven/log4j/log4j@1.2.17",
+      "group" : "log4j",
+      "name" : "log4j",
+      "version" : "1.2.17",
+      "purl" : "pkg:maven/log4j/log4j@1.2.17"
+    },
+    {
+      "type" : "library",
+      "bom-ref" : "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.0",
+      "group" : "org.xerial.snappy",
+      "name" : "snappy-java",
+      "version" : "1.1.10.0",
+      "purl" : "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.0"
+    }
+  ],
+  "dependencies" : [
+    {
+      "ref" : "pkg:maven/pom-with-deps-version-range/pom-with-version-range-for-tests@0.0.1",
+      "dependsOn" : [
+        "pkg:maven/log4j/log4j@1.2.17",
+        "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.0"
+      ]
+    },
+    {
+      "ref" : "pkg:maven/log4j/log4j@1.2.17",
+      "dependsOn" : [ ]
+    },
+    {
+      "ref" : "pkg:maven/org.xerial.snappy/snappy-java@1.1.10.0",
+      "dependsOn" : [ ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/src/test/resources/tst_manifests/maven/deps_with_version_range/pom.xml b/src/test/resources/tst_manifests/maven/deps_with_version_range/pom.xml
new file mode 100644
index 00000000..cb277e06
--- /dev/null
+++ b/src/test/resources/tst_manifests/maven/deps_with_version_range/pom.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>pom-with-deps-version-range</groupId>
+  <artifactId>pom-with-version-range-for-tests</artifactId>
+  <version>0.0.1</version>
+
+  <dependencies>
+    <dependency>
+      <groupId>log4j</groupId>
+      <artifactId>log4j</artifactId>
+      <version>[1.2.17,1.3.0)</version>
+    </dependency>
+    <dependency>
+      <groupId>org.xerial.snappy</groupId>
+      <artifactId>snappy-java</artifactId>
+      <version>1.1.10.0</version>
+    </dependency>
+  </dependencies>
+</project>