CNNVD-202509-4520 Information

CNNVD ID

CNNVD-202509-4520

Related CVE

CVE-2025-59954

• CNNVD Published: 2025-09-30

Description (Chinese)

Knowage是意大利Knowage公司的一套用于在传统资源和大数据系统上进行现代业务分析的开源套件。 Knowage 8.1.26及之前版本存在安全漏洞，该漏洞源于使用不安全的org.apache.commons.jxpath.JXPathContext，可能导致远程代码执行。

Description (English)

Knowage is an open source package for modern business analysis on traditional resources and large data systems of Knowage Italy. Knowage 8.1.26 and previous versions contain a security loophole, which stems from the use of unsafe org.apache.commons.jxpath.JXPathContext, which may result in remote code implementation.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Knowage

Published

2025-09-30

Last Modified

2026-02-24

References

https://github.com/KnowageLabs/Knowage-Server/commit/1bb60d42557724f7ed24c19df6c5017e169527ca https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-96cv-75hg-xrgq

Patch

https://github.com/KnowageLabs/Knowage-Server/releases