Home > Vulnerability Database > CVE-2025-55007

Mend.io Vulnerability Database

CVE-2025-55007

Good to know:

Date: September 1, 2025

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker could be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.

Severity Score

3.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55007

Url: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-7f6m-ph57-52w6

Url: https://www.mend.io/vulnerability-database/CVE-2025-55007

Severity Score

3.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version https://github.com/KnowageLabs/Knowage-Server.git - v8.1.37

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55007

Good to know:

Date: September 1, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?