CVE-2025-59954 · CRITICAL 9.8 · EPSS p38.8%

Description

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Execution through the use of an unsafe org.apache.commons.jxpath.JXPathContext in the MetaService.java service. This issue is fixed in version 8.1.27.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% probability of exploitation · percentile 38.8% · 2026-06-18T12:00:27Z
Published: 2025-09-30
Last modified: 2025-10-08

Underlying weaknesses · 1

CWE-94

References

  1. https://github.com/KnowageLabs/Knowage-Server/commit/1bb60d42557724f7ed24c19df6c5017e169527ca
  2. https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-96cv-75hg-xrgq

Type | Target | Confidence | Tier
Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-45854
  2. CVE-2025-10492
  3. CVE-2025-58748
  4. CVE-2025-59059
  5. CVE-2025-1302
  6. CVE-2025-3835

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.