Cross-Site Scripting Vulnerabilities in KNIME Business Hub
CVE-2025-3019

5.3MEDIUM

Key Information:

Vendor: Knime
Status: Knime Business Hub
Vendor: CVE Published:; 31 March 2025

What is CVE-2025-3019?

KNIME Business Hub contains multiple vulnerabilities related to cross-site scripting (XSS) in its web pages, enabling potential attackers to exploit these weaknesses through malicious links or web pages. When a user clicks on such a link, arbitrary JavaScript could be executed within the user's browser context, leading to possible data loss or unauthorized modification of existing data. This vulnerability arises from an underlying issue in the commonly utilized nuxt-security module, which lacks viable workarounds. It is critical for users to upgrade to versions 1.13.3 or later, or 1.12.4 or later to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

KNIME Business Hub 1.13.0 < 1.13.3

KNIME Business Hub 1.12.0 < 1.12.4

References

https://www.knime.com/security/advisories#CVE-2025-3019

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Mar 31, 2025

JSON

Knime