Cyber Resilience

CVE-2025-59954

Severity: Critical · Public PoC · RCE

Published: 30 September 2025
Modified: 08 October 2025
KEV Added: not listed
Patch: Knowage 8.1.27
CVSS Score (v4): 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0013 (32.4th percentile)
Risk Priority: 19 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-59954 is a critical-severity Code Injection (CWE-94) vulnerability in Eng Knowage. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks this CVE at the 32.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-59954 is a remote code execution vulnerability in Knowage, an open source analytics and business intelligence suite. Versions 8.1.26 and below are affected due to unsafe usage of org.apache.commons.jxpath.JXPathContext in the MetaService.java service. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An unauthenticated attacker with network access can exploit this vulnerability with low attack complexity and without requiring user interaction. Successful exploitation enables remote code execution, resulting in high impacts to confidentiality, integrity, and availability.

The vulnerability is fixed in Knowage version 8.1.27. Mitigation involves upgrading to this patched version. Further details are provided in the GitHub security advisory GHSA-96cv-75hg-xrgq and the fixing commit at https://github.com/KnowageLabs/Knowage-Server/commit/1bb60d42557724f7ed24c19df6c5017e169527ca.
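The record above gives the affected range (8.1.26 and below, fixed in 8.1.27) and recommends vulnerability scanning (RA-5) and patching. The following is an added example, not code from Knowage or from this advisory: it parses Knowage version strings, compares them against the fixed version, and flags affected hosts in a constructed inventory. The inventory format (host,product,version) and the host names are assumptions made for the example.

```python
"""
Added example (not Knowage project code): flag installations whose Knowage
version falls in the affected range for CVE-2025-59954 (<= 8.1.26; fixed in
8.1.27). Inventory format and host names are constructed for illustration.
"""
import re

FIXED_VERSION = "8.1.27"  # first fixed release, per the advisory


def parse_version(text):
    """Turn '8.1.26', 'v8.1.26' or '8.1.26-rc1' into a tuple of ints.

    Trailing qualifiers (-rc1, -SNAPSHOT) are ignored, so a pre-release of
    8.1.27 compares as 8.1.27; treat such builds conservatively by hand.
    """
    match = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def compare_versions(a, b):
    """Return -1, 0 or 1; shorter tuples are zero-padded so 8.1 == 8.1.0."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_affected(version):
    """True when the version is strictly below the fixed release."""
    return compare_versions(parse_version(version), parse_version(FIXED_VERSION)) < 0


# Constructed sample inventory, one "host,product,version" record per line.
SAMPLE_INVENTORY = """\
# host,product,version
bi-prod-01,knowage,8.1.26
bi-prod-02,knowage,8.1.27
bi-stage-01,knowage,v8.1.3
bi-dev-01,knowage,8.2.0
reporting-01,superset,4.0.1
"""


def find_affected(inventory_text):
    """Return [(host, version), ...] for Knowage hosts in the affected range."""
    hits = []
    for line in inventory_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blanks and comment lines
        host, product, version = (field.strip() for field in line.split(","))
        if product.lower() != "knowage":
            continue  # other products are not in scope for this CVE
        if is_affected(version):
            hits.append((host, version))
    return hits


if __name__ == "__main__":
    for host, version in find_affected(SAMPLE_INVENTORY):
        print(f"{host}: Knowage {version} is affected by CVE-2025-59954; upgrade to {FIXED_VERSION}")
```

Tuple comparison keeps 8.10.x above 8.1.27 (a naive string compare would not), and the zero-padding lets a bare "8.1" from an incomplete inventory entry be treated as 8.1.0. The check only says whether a host is in the affected range; it does not test exploitability, which is what a scanner tied to RA-5 would add.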


Vulnerability details

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Execution through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27.

CWE(s)

CWE-94 (Improper Control of Generation of Code)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct unauthenticated RCE in a public-facing web application (CWE-94) enables initial access via exploitation of the exposed service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-13773 (shared CWE-94)
CVE-2025-50692 (shared CWE-94)
CVE-2026-30643 (shared CWE-94)
CVE-2026-30460 (shared CWE-94)
CVE-2025-71243 (shared CWE-94)
CVE-2026-44262 (shared CWE-94)
CVE-2024-13792 (shared CWE-94)
CVE-2020-37052 (shared CWE-94)
CVE-2026-42555 (shared CWE-94)
CVE-2025-65037 (shared CWE-94)

Affected Assets

Vendor: eng
Product: knowage
Versions: ≤ 8.1.27

Mitigating Controls (NIST 800-53 r5, AI-mapped)

Prevent (flaw remediation)

Directly mandates timely flaw remediation through patching, as recommended for this RCE vulnerability fixed in Knowage 8.1.27.

Prevent (SI-10, Information Input Validation)

Requires input validation to prevent code injection attacks exploiting unsafe JXPathContext usage in MetaService.java (CWE-94).

Detect (RA-5, Vulnerability Monitoring and Scanning)

Enables vulnerability scanning to identify and prioritize this specific RCE flaw in Knowage versions 8.1.26 and below.
