CVE-2025-14262

EPSS 0.15%
Veröffentlicht 08.12.2025 09:34:45
Zuletzt bearbeitet 27.02.2026 03:38:57
Quelle security@knime.com
CVE-Watchlists
Login
Unerledigt
Login

Jobs can be saved as workflows with wrong permissions on KNIME Business Hub

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions.

There is no workaround.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Knime ≫ Business Hub Version < 1.17.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
security@knime.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Green

CWE-708 Incorrect Ownership Assignment

The product assigns an owner to a resource, but the owner is outside of the intended control sphere.

https://www.knime.com/security/advisories#CVE-2025-11239

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-14262

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14262

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14262

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-14262