8.8

CVE-2025-2787

Ingress-nginx vulnerability in KNIME Business Hub

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.



Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: 



  *  1.13.3 or above 






  *  1.12.4 or above 






  *  1.11.4 or above 






  *  1.10.4 or above








  *
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KnimeBusiness Hub Version >= 1.10.0 < 1.10.4
KnimeBusiness Hub Version >= 1.11.0 < 1.11.4
KnimeBusiness Hub Version >= 1.12.0 < 1.12.4
KnimeBusiness Hub Version >= 1.13.0 < 1.13.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.359
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@knime.com 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://www.knime.com/security-advisory-cve-2025-2787
Vendor Advisory
Mitigation