CVE-2025-11240

Medium CVSS: 5.3

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.

Vendor

Knime

Product

Business Hub

CWE

CWE-601

Yayın Tarihi

2025-10-02 13:15:31

Güncelleme

2025-10-08 17:17:13

Source Identifier

security@knime.com

KEV Date Added

Kategoriler

CWE-601 Business Hub MEDIUM Knime 2025

Referanslar

https://www.knime.com/security/advisories

Benzer Kayıtlar

Medium

CVE-2025-14262

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other…

Low

CVE-2025-11239

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user'…

Medium

CVE-2025-3019

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a m…

High

CVE-2025-2402

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones lis…

High

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects…