Unrated severityNVD Advisory· Published Sep 29, 2025· Updated Sep 30, 2025

Knowage Contains a Remote Code Execution Vulnerability

CVE-2025-59954

Description

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27.

Affected products

Knowagelabs/Knowage Serverv5
Range: < 8.1.27

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/KnowageLabs/Knowage-Server/commit/1bb60d42557724f7ed24c19df6c5017e169527camitrex_refsource_MISC
github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-96cv-75hg-xrgqmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000