CVE-2025-55007

Low CVSS: 3.5

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker could be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.

Vendor

Eng

Product

Knowage

CWE

CWE-918

Yayın Tarihi

2025-09-01 16:15:31

Güncelleme

2025-09-05 17:57:12

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Knowage LOW Eng 2025

Referanslar

https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7f6m-ph57-52w6

Benzer Kayıtlar

Medium

CVE-2025-58441

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-si…

Critical

CVE-2025-59954

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote…

Medium

CVE-2024-54792

A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An…

Critical

CVE-2024-54794

The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.

Medium

CVE-2024-54795

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the works…