CVE-2025-14262Incorrect Ownership Assignment in Business HUB

CWE-708Incorrect Ownership Assignment3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 87.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Knime Business HUBKnime Business HUB
Timeline
PublishedDec 8

Description

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions. There is no workaround.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDknime/business_hub< 1.17.0
CVEListV5knime/knime_business_hub< 1.17.0

🔴Vulnerability Details

2
GHSA
GHSA-mcx7-55c8-m5jv: A wrong permission check in KNIME Business Hub before version 12025-12-08
CVEList
Jobs can be saved as workflows with wrong permissions on KNIME Business Hub2025-12-08
CVE-2025-14262 — Incorrect Ownership Assignment | cvebase