CVE-2025-58441
Blind SSRF Vulnerability in Knowage BI Suite Allows Internal Scanning
Publication date: 2026-01-07
Last updated on: 2026-02-03
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| knowagelabs | knowage-server | up to 8.1.37 (exclusive) |
| eng | knowage | up to 8.1.37 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. Since the vulnerability is a blind SSRF that does not allow reading of responses and has no impact on confidentiality, integrity, or availability, its effect on compliance requirements is not detailed. [1]
Can you explain this vulnerability to me?
CVE-2025-58441 is a Blind Server-Side Request Forgery (SSRF) vulnerability in Knowage-Server versions prior to 8.1.37. It allows an attacker to make the server send HTTP requests to arbitrary hosts or paths. The attacker cannot see the responses to these requests, but can use this to scan internal networks and potentially discover internal services or infrastructure. The vulnerability exists because the server does not properly verify that requested URLs are authorized or expected. This issue has been fixed in version 8.1.37. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to scan your internal network by making the vulnerable server send requests to arbitrary internal hosts or paths. Although the attacker cannot read the responses, this internal network scanning can expose internal services or infrastructure, potentially aiding further attacks or reconnaissance. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this blind SSRF vulnerability involves monitoring for unusual outbound HTTP requests originating from the Knowage server to internal or unexpected external hosts. Since the vulnerability lets attackers send arbitrary requests via the server, network traffic analysis tools can be used to identify suspicious request patterns. Specific commands depend on your environment, but capturing outgoing HTTP(S) traffic from the Knowage server IP with tcpdump or Wireshark is a starting point. Example tcpdump command: `tcpdump -i <interface> src host <knowage_server_ip> and '(port 80 or port 443)'` (the `src host` qualifier limits the capture to connections the server initiates, and the parentheses are needed because `and` binds tighter than `or` in pcap filters; for TLS traffic only the destination is visible, not the requested path). Additionally, reviewing server logs for unexpected URL fetches or requests to internal IP ranges may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Knowage server to version 8.1.37 or later, where this SSRF vulnerability has been patched. Until the upgrade can be performed, restrict the Knowage server's outbound network access to only trusted hosts and block requests to internal network ranges to limit the impact of potential exploitation. Monitoring and alerting on unusual outbound requests can also help detect exploitation attempts. [1]
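As an added example (not Knowage's code and not part of this advisory), the following Python applies the two defensive ideas from the detection and mitigation answers above: an egress policy that only permits fetches to allowlisted hosts whose address resolves outside internal ranges, and a scan of outbound-fetch log lines that flags requests to internal ranges. The name-to-address map, the allowlist and the log line format are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Ranges an outbound fetch from a BI server should normally never reach.
# Assumption: a starting list; extend it with your own internal subnets.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
# Hypothetical resolver: a fixed map keeps the example offline; real code
# resolves via DNS and checks every returned address, not just the first.
HOSTS = {"metadata.internal": "169.254.169.254", "reports.example.com": "203.0.113.10"}
ALLOWED_HOSTS = {"reports.example.com"}  # constructed egress allowlist

def is_internal_destination(url, resolver=HOSTS.get):
    """True when the URL's host (or literal IP) lands in a blocked range."""
    host = urlsplit(url).hostname
    if host is None:
        return True  # unparseable URL: treat as suspicious (fail closed)
    addr = resolver(host) or host  # literal IPs pass through unchanged
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # name does not resolve: no internal host to hit
    return any(ip in net for net in BLOCKED_NETWORKS)

def allow_outbound(url, resolver=HOSTS.get):
    """Egress policy: host must be allowlisted AND resolve outside blocked ranges."""
    return (urlsplit(url).hostname in ALLOWED_HOSTS
            and not is_internal_destination(url, resolver))

# Constructed outbound-fetch log lines (not Knowage's real log format).
LOG_LINES = """\
2026-01-08T10:02:11Z fetch url=https://reports.example.com/export?id=42 status=200
2026-01-08T10:02:13Z fetch url=http://metadata.internal/latest/ status=0
2026-01-08T10:02:14Z fetch url=http://10.0.5.7:8080/ status=0
2026-01-08T10:02:15Z fetch url=http://[::1]:9200/ status=0
""".splitlines()
URL_RE = re.compile(r"url=(\S+)")

def flag_internal_fetches(lines, resolver=HOSTS.get):
    """Return the URLs from fetch log lines whose destination is internal."""
    hits = []
    for line in lines:
        m = URL_RE.search(line)
        if m and is_internal_destination(m.group(1), resolver):
            hits.append(m.group(1))
    return hits
```

Running `flag_internal_fetches(LOG_LINES)` returns the three internal-range URLs from the constructed log; checking the resolved address as well as the hostname means an allowlisted name that later resolves to an internal address is still refused by `allow_outbound`.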