CVE-2025-11239 — Incorrect Authorization in Business HUB

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

2.3LOWNVD

EPSS

0.0%

top 89.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Knime Business HUB Knime Business HUB

Timeline

PublishedOct 2

Description

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDknime/business_hub< 1.16.0

▶CVEListV5knime/knime_business_hub< 1.16.0

🔴Vulnerability Details

CVEList

Job details are visible to all team members on KNIME Business Hub↗2025-10-02

▶

GHSA

GHSA-967v-9xqg-gjxg: Potentially sensitive information in jobs on KNIME Business Hub prior to 1↗2025-10-02

▶