CVE-2025-58441 – Knowage versions before 8.1.37 have a blind ser... (How to Fix)

Q: What is the severity of CVE-2025-58441?

CVE-2025-58441 has a CVSS score of 6.5 (MEDIUM). Knowage versions before 8.1.37 have a blind server-side request forgery vulnerability that allows attackers to send requests to arbitrary internal hosts and paths. While attackers cannot read responses, they can use this to scan internal networks. All Knowage deployments using vulnerable versions are affected.

📋 TL;DR

Knowage versions before 8.1.37 have a blind server-side request forgery vulnerability that allows attackers to send requests to arbitrary internal hosts and paths. While attackers cannot read responses, they can use this to scan internal networks. All Knowage deployments using vulnerable versions are affected.

💻 Affected Systems

Products:

Knowage

Versions: All versions prior to 8.1.37

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: All Knowage deployments with default configuration are vulnerable.

📦 What is this software?

Knowage by Eng

View all CVEs affecting Knowage →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker maps internal network infrastructure, identifies other vulnerable services, and uses this reconnaissance for lateral movement or combined attacks.

🟠

Likely Case

Internal network scanning to discover other systems, potentially identifying additional attack surfaces.

🟢

If Mitigated

Limited to port scanning of internal systems with no data exfiltration.

🌐 Internet-Facing: MEDIUM - Attackers can probe internal network from internet-facing instance.

🏢 Internal Only: LOW - Requires attacker to already have internal access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Blind SSRF typically requires some authentication level but is straightforward to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.1.37

Vendor Advisory: https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-m6x8-wh9v-6jxp

Restart Required: Yes

Instructions:

1. Backup current Knowage installation and data. 2. Download Knowage 8.1.37 or newer. 3. Follow official upgrade documentation. 4. Restart Knowage services. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict Knowage server's outbound network access to only required services.

Web Application Firewall Rules

all

Block SSRF patterns in WAF by detecting outbound requests to internal IP ranges.

🧯 If You Can't Patch

Implement strict network egress filtering to limit Knowage server's outbound connections.
Deploy web application firewall with SSRF detection rules.

🔍 How to Verify

Check if Vulnerable:

Check Knowage version in admin interface or configuration files.

Check Version:

Check web interface or examine knowage.version file in installation directory.

Verify Fix Applied:

Confirm version is 8.1.37 or newer and test SSRF functionality is blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual outbound HTTP requests from Knowage server
Requests to internal IP addresses or unusual domains

Network Indicators:

Knowage server making unexpected outbound HTTP requests
Port scanning patterns originating from Knowage server

SIEM Query:

source="knowage" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16)

📊 Metadata

CVE ID: CVE-2025-58441

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-918

EPSS Score: 0.04% exploit probability (12th percentile)

Published: January 7, 2026

Last Updated: February 3, 2026

🔗 References

https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-m6x8-wh9v-6jxp Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-58441, you might also want to check these: