QwikSec

Security Database

CVE

CWE

Training

CVE-2025-59954

Published: Sep 29, 2025

Modified: Sep 30, 2025

PUBLISHED

Description

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27.

Vendor	Product	Versions
KnowageLabs	Knowage-Server	affected `< 8.1.27`

Weaknesses (CWE)

References

https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-96cv-75hg-xrgq

x_refsource_CONFIRM

https://github.com/KnowageLabs/Knowage-Server/commit/1bb60d42557724f7ed24c19df6c5017e169527ca

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.