CVE-2025-2402

High CVSS: 8.8

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly.

There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub:

* 1.13.2 or later

* 1.12.3 or later

* 1.11.3 or later

* 1.10.3 or later

Vendor

Knime

Product

Business Hub

CWE

CWE-259

Yayın Tarihi

2025-03-31 07:15:18

Güncelleme

2025-10-08 17:16:33

Source Identifier

security@knime.com

KEV Date Added

Kategoriler

CWE-259 Business Hub HIGH Knime 2025

Referanslar

https://www.knime.com/security/advisories#CVE-2025-2402 https://github.com/advisories/GHSA-v5p7-3387-gpmg

Benzer Kayıtlar

Medium

CVE-2025-14262

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other…

Low

CVE-2025-11239

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user'…

Medium

CVE-2025-11240

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker…

Medium

CVE-2025-3019

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a m…

High

CVE-2025-2787

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects…