CVE-2025-58441

Medium CVSS: 6.3

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker should be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.

Vendor

Eng

Product

Knowage

CWE

CWE-918

Yayın Tarihi

2026-01-07 18:15:49

Güncelleme

2026-02-03 16:46:15

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Knowage MEDIUM Eng 2026

Referanslar

https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-m6x8-wh9v-6jxp

Benzer Kayıtlar

Critical

CVE-2025-59954

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote…

Low

CVE-2025-55007

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to s…

Medium

CVE-2024-54792

A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An…

Critical

CVE-2024-54794

The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.

Medium

CVE-2024-54795

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the works…