Knowage Contains a Remote Code Execution Vulnerability_CVE-2025-59954

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P

Description

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27.

Basic Information

ID CVE-2025-59954

Source GitHub_M

Published Sep 29, 2025 at 23:48

Affected Product

Vendor KnowageLabs

Product Knowage-Server

Version < 8.1.27

Affected Versions KnowageLabs Knowage-Server < 8.1.27

CWE Classification

CWE-94

References

{
    "lastseen": "",
    "description": "Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27.",
    "published": "2025-09-29T23:48:04.968Z",
    "modified": "2025-09-29T23:48:04.968Z",
    "type": "cve",
    "title": "Knowage Contains a Remote Code Execution Vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-96cv-75hg-xrgq\nhttps://github.com/KnowageLabs/Knowage-Server/commit/1bb60d42557724f7ed24c19df6c5017e169527ca",
    "id": "CVE-2025-59954",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "KnowageLabs Knowage-Server < 8.1.27",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Knowage-Server",
    "version": "< 8.1.27",
    "vendor": "KnowageLabs",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}