What is the CVSS score of CVE-2025-55007?

CVE-2025-55007 has a CVSS 3.1 base score of 3.5 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Knowage are affected by CVE-2025-55007?

CVE-2025-55007 is a low-severity vulnerability in Knowage involving SSRF (CVSS 3.5).. A patch is available.

How to fix or mitigate CVE-2025-55007?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Knowage CVE-2025-55007

LOW

Server-Side Request Forgery (SSRF) (CWE-918)

2025-09-01 security-advisories@github.com

SSRF Knowage

3.5

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

3.5 LOW

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:09 vuln.today

Patch released

Mar 28, 2026 - 19:09 nvd

Patch available

CVE Published

Sep 01, 2025 - 16:15 nvd

LOW 3.5

DescriptionGitHub Advisory

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker could be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37.

AnalysisAI

Knowage is an open source analytics and business intelligence suite. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker could be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37. Affected products include: Eng Knowage. Version information: version 8.1.37.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2025-55007 vulnerability details – vuln.today

Back