CVE-2025-2402 · HIGH 8.6 · EPSS p26.2%

Description

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds; therefore we strongly recommend updating to one of the following versions of KNIME Business Hub:

* 1.13.2 or later
* 1.12.3 or later
* 1.11.3 or later
* 1.10.3 or later

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS: 0.34% probability of exploitation · percentile 26.2% · 2026-06-19T12:03:05Z
Published: 2025-03-31
Last modified: 2025-10-08

Underlying weaknesses · 1

CWE-259

References

  1. https://www.knime.com/security/advisories#CVE-2025-2402
  2. https://github.com/advisories/GHSA-v5p7-3387-gpmg

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Use of Hard-coded Password (cwe-259) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

* CVE-2025-2787
* CVE-2025-59388
* CVE-2025-0061
* CVE-2026-31986
* CVE-2025-37093
* CVE-2026-45434

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.