Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions.
There is no workaround.
AnalysisAI
A security vulnerability in KNIME Business Hub (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
Technical ContextAI
Vulnerability type not specified by vendor. Affects KNIME Business Hub.
RemediationAI
Monitor vendor channels for patch availability.
More in Business Hub
View allA hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones lis
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects
An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. Rate
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. Rated medium severity (
The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user'
Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulner
Same weakness CWE-708 – Incorrect Ownership Assignment
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-201697