Knowage is vulnerable to blind server-side request forgery (SSRF)

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker should be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.

Basic Information

ID CVE-2025-58441

Source GitHub_M

Published Jan 7, 2026 at 17:16

Affected Product

Vendor KnowageLabs

Product Knowage-Server

Version < 8.1.37

Affected Versions KnowageLabs Knowage-Server < 8.1.37

CWE Classification

CWE-918

References

github.com /KnowageLabs/Knowage-Server/security/advisories/GHSA-m6x8-wh9v-6jxp

{
    "lastseen": "",
    "description": "Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker should be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.",
    "published": "2026-01-07T17:16:44.798Z",
    "modified": "2026-01-07T17:16:44.798Z",
    "type": "cve",
    "title": "Knowage is vulnerable to blind server-side request forgery (SSRF)",
    "source": "GitHub_M",
    "references": "https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-m6x8-wh9v-6jxp",
    "id": "CVE-2025-58441",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "KnowageLabs Knowage-Server < 8.1.37",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Knowage-Server",
    "version": "< 8.1.37",
    "vendor": "KnowageLabs",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Knowage is vulnerable to blind server-side request forgery (SSRF)_CVE-2025-58441