CVE-2025-59954 — CRITICAL (9.8)

Q: How severe is CVE-2025-59954?

CVE-2025-59954 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-59954?

Check the references section above for vendor advisories and patch information. Affected products include: Eng Knowage.

Vulnerability Description

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Eng	Knowage	< 8.1.27

Related Weaknesses (CWE)

CWE-94

References

https://github.com/KnowageLabs/Knowage-Server/commit/1bb60d42557724f7ed24c19df6cPatch
https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-96cv-75hgExploitVendor Advisory
https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-96cv-75hgExploitVendor Advisory

FAQ

What is CVE-2025-59954?

CVE-2025-59954 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in...

How severe is CVE-2025-59954?

CVE-2025-59954 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-59954?

Check the references section above for vendor advisories and patch information. Affected products include: Eng Knowage.