CVE-2025-58441
Unknown Unknown - Not Provided
Blind SSRF Vulnerability in Knowage BI Suite Allows Internal Scanning

Publication date: 2026-01-07

Last updated on: 2026-02-03

Assigner: GitHub, Inc.

Description
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker should be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58441
EUVD
EUVD-2025-206264
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
knowagelabs knowage-server to 8.1.37 (exc)
eng knowage to 8.1.37 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58441 is a Blind Server-Side Request Forgery (SSRF) vulnerability in Knowage-Server versions prior to 8.1.37. It allows an attacker to make the server send HTTP requests to arbitrary hosts or paths. The attacker cannot see the responses to these requests, but can use this to scan internal networks and potentially discover internal services or infrastructure. The vulnerability exists because the server does not properly verify that requested URLs are authorized or expected. This issue has been fixed in version 8.1.37. [1]

Impact Analysis

This vulnerability can allow an attacker to scan your internal network by making the vulnerable server send requests to arbitrary internal hosts or paths. Although the attacker cannot read the responses, this internal network scanning can expose internal services or infrastructure, potentially aiding further attacks or reconnaissance. [1]

Detection Guidance

Detection of this Blind SSRF vulnerability involves monitoring for unusual outbound HTTP requests originating from the Knowage server to internal or unexpected external hosts. Since the vulnerability allows attackers to send arbitrary requests via the server, network traffic analysis tools can be used to identify suspicious request patterns. Specific commands depend on your environment, but for example, using tcpdump or Wireshark to capture outgoing HTTP requests from the Knowage server IP can help. Example tcpdump command: tcpdump -i <interface> host <knowage_server_ip> and port 80 or 443. Additionally, reviewing server logs for unexpected URL fetches or requests to internal IP ranges may help detect exploitation attempts. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the Knowage server to version 8.1.37 or later, where this SSRF vulnerability has been patched. Until the upgrade can be performed, restrict the Knowage server's outbound network access to only trusted hosts and block requests to internal network ranges to limit the impact of potential exploitation. Monitoring and alerting on unusual outbound requests can also help detect exploitation attempts. [1]

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. Since the vulnerability is a blind SSRF that does not allow reading of responses and has no impact on confidentiality, integrity, or availability, its effect on compliance requirements is not detailed. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58441. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart