CVE-2025-2787: Code Injection in Business HUB

Severity: 8.7 HIGH NVD, CNA 9.8
EPSS: 0.3% (top 43.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 26, latest update Aug 26

Description

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 (a.k.a. IngressNightmare) vulnerability, which affects the ingress-nginx component. In the worst case, a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

Affected Packages: 2 packages

NVD: knime/business_hub 1.10.0 1.10.4 +3
CVEListV5: knime/knime_business_hub 1.13.0 1.13.2 +3

Vulnerability Details (3)

2025-08-26 GHSA: traQ Allows Insertion of Sensitive Information into Log File
2025-03-26 GHSA: GHSA-x237-489c-52j2: KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a
2025-03-26 CVEList: Ingress-nginx vulnerability in KNIME Business Hub