CVE-2025-2787

High CVSS: 8.7

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.

Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub:

* 1.13.3 or above

* 1.12.4 or above

* 1.11.4 or above

* 1.10.4 or above

*

Vendor

Knime

Product

Business Hub

CWE

CWE-94

Yayın Tarihi

2025-03-26 21:15:23

Güncelleme

2025-10-08 17:19:11

Source Identifier

security@knime.com

KEV Date Added

Kategoriler

CWE-94 Business Hub HIGH Knime 2025

Referanslar

https://www.knime.com/security-advisory-cve-2025-2787

Benzer Kayıtlar

Medium

CVE-2025-14262

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other…

Low

CVE-2025-11239

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user'…

Medium

CVE-2025-11240

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker…

Medium

CVE-2025-3019

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a m…

High

CVE-2025-2402

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones lis…