CVE-2025-2402

8.6 HIGH
Published: March 31, 2025 Modified: October 08, 2025
View on NVD

Description

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.2 or later * 1.12.3 or later * 1.11.3 or later * 1.10.3 or later

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://www.knime.com/security/advisories#CVE-2025-2402
Source: security@knime.com
Vendor Advisory
https://github.com/advisories/GHSA-v5p7-3387-gpmg
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Third Party Advisory

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.6 / 10.0
EPSS (Exploit Probability)
0.2%
41th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-259

Affected Vendors

knime

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A