CVE-2025-55007
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2025-09-05

Assigner: GitHub, Inc.

Description
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker could be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-09-01
EPSS Evaluated
2026-06-14
NVD
CVE-2025-55007
EUVD
EUVD-2025-26348
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eng knowage to 8.1.37 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-55007 is a Server-Side Request Forgery (SSRF) vulnerability in Knowage-Server versions prior to 8.1.37. It allows an attacker to make the server send requests to arbitrary hosts or paths. Although the attacker cannot read the responses, this flaw can be used to scan internal networks by sending unauthorized requests from the server. [1]

Impact Analysis

This vulnerability can allow an attacker to scan your internal network by sending requests from the vulnerable server to arbitrary hosts or paths. While the attacker cannot read the responses, this could potentially lead to information disclosure about internal network structure or services, which may be leveraged for further attacks. [1]

Detection Guidance

Detection of this SSRF vulnerability can involve monitoring for unusual outbound requests from the Knowage server to internal or unexpected external hosts. Since the attacker can send arbitrary requests but cannot read responses, look for anomalous HTTP requests originating from the server to internal IP ranges or uncommon destinations. Commands to help detect this include using network monitoring tools like tcpdump or Wireshark to capture outbound traffic, for example: `tcpdump -i <interface> host <knowage-server-ip> and tcp` or `tcpdump -i <interface> dst net <internal-network-range>`. Additionally, reviewing server logs for unusual URL fetch requests or unexpected parameters in requests to the Knowage server may help identify exploitation attempts. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Knowage-Server to version 8.1.37 or later, where this SSRF vulnerability has been patched. If upgrading is not immediately possible, consider implementing network-level restrictions to prevent the Knowage server from making arbitrary outbound requests, such as firewall rules limiting outbound HTTP requests to trusted destinations only. Additionally, review and harden input validation on any URL or host parameters accepted by the server to ensure they only allow expected destinations. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55007. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart