
Security Advisory for CVE-2025-2402


Description

Vulnerability (Detailed) 

Execution services use a static MinIO secret.

A security vulnerability has been identified in KNIME Business Hub. The Kubernetes secret configuration for the execution services uses a static MinIO secret, so a party who knows that credential can interact with job-related data in the embedded object store of any KNIME Business Hub installation they can reach.

The corresponding CVE record, CVE-2025-2402, will be made public on March 31, 2025.

Affected Versions

All releases of KNIME Business Hub before the patched versions listed below (1.13.x, 1.12.x, 1.11.x, 1.10.x and older).

Severity

The vulnerability is rated HIGH (CVSS score 8.8).

Exploitability 

We assess the risk of exploitation as very low. We discovered the issue proactively during our internal development process. It was not detected in any previous penetration test, it is not publicly known, and it affects only the KNIME Business Hub setup. Knowledge of the static credential is the precondition for exploitation; the HIGH rating reflects what a party holding that credential could do.

What do you need to do?

We strongly recommend upgrading to one of the following patched versions as soon as possible:

  • KNIME Business Hub version 1.13.x: upgrade to 1.13.2.
  • KNIME Business Hub version 1.12.x: upgrade to 1.12.3.
  • KNIME Business Hub version 1.11.x: upgrade to 1.11.3.
  • KNIME Business Hub version 1.10.x or older: upgrade to 1.10.3.

Workaround

There is no viable workaround for this issue.

Forensic analysis

You can check whether the vulnerability has been exploited by reviewing requests made to the embedded object store (MinIO). These requests are logged by the ingress-nginx-controller container. A request is suspicious when all of the following hold:

  • Requests originating from a cluster-external IP address,
  • Requests with a path prefix of /knime-execution-jobs, and
  • Requests lacking query parameters such as X-Amz-Signature or X-Amz-Credential, indicating they were not made through pre-signed URLs.

Such requests should be treated as potentially malicious and investigated further. We have included some examples for your reference.

Some examples: 
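As an added illustration, not part of KNIME's advisory, the following Python applies the three indicators above to ingress-nginx access-log lines. The log lines are constructed for this example, the log format is assumed to be the controller's default access-log format, and the cluster CIDRs (10.42.0.0/16 and 10.43.0.0/16) are placeholders; replace them with the pod and service ranges of your own installation.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the ingress-nginx-controller writes its default access-log
# format: $remote_addr - $remote_user [$time_local] "$request" $status ...
# Only the leading fields are needed for the check; adjust the pattern if
# your installation configures a custom log-format-upstream.
LOG_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" (?P<status>\d{3})'
)

# Assumption: example pod and service CIDRs. Anything outside these ranges is
# treated as cluster-external; replace them with your cluster's real ranges.
CLUSTER_CIDRS = (
    ipaddress.ip_network("10.42.0.0/16"),
    ipaddress.ip_network("10.43.0.0/16"),
)

JOB_PREFIX = "/knime-execution-jobs"
# Query parameters that a pre-signed (SigV4 query-auth) URL always carries.
PRESIGN_PARAMS = {"X-Amz-Signature", "X-Amz-Credential"}


def parse_line(line):
    """Return the fields needed for the check, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    try:
        entry["remote_ip"] = ipaddress.ip_address(entry["remote_addr"])
    except ValueError:
        return None
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["query"] = parse_qs(parts.query, keep_blank_values=True)
    return entry


def is_cluster_internal(ip, cidrs=CLUSTER_CIDRS):
    return any(ip in net for net in cidrs)


def is_suspicious(entry, cidrs=CLUSTER_CIDRS):
    """All three advisory indicators must hold: external source address,
    job-data path prefix, and no pre-signed-URL parameters in the query."""
    return (
        not is_cluster_internal(entry["remote_ip"], cidrs)
        and entry["path"].startswith(JOB_PREFIX)
        and PRESIGN_PARAMS.isdisjoint(entry["query"])
    )


def find_suspicious(lines, cidrs=CLUSTER_CIDRS):
    """Return (line number, remote_addr, method, path) for each suspicious request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        entry = parse_line(line)
        if entry and is_suspicious(entry, cidrs):
            hits.append((lineno, entry["remote_addr"], entry["method"], entry["path"]))
    return hits


# Constructed sample log lines (not taken from any real installation).
SAMPLE_LOG = [
    # 1: in-cluster execution pod reading job data: internal source, ignore
    '10.42.3.15 - - [31/Mar/2025:09:01:12 +0000] "GET /knime-execution-jobs/job-42/workflow.knwf HTTP/1.1" 200 8192 "-" "MinIO (linux; amd64) minio-go/v7" 410 0.003 [knime-minio-9000] [] 10.42.0.17:9000 8192 0.003 200 a1',
    # 2: external client using a pre-signed URL: expected usage, ignore
    '203.0.113.7 - - [31/Mar/2025:09:02:44 +0000] "GET /knime-execution-jobs/job-42/result.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=minio%2F20250331%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250331T090244Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host&X-Amz-Signature=deadbeef HTTP/1.1" 200 65536 "-" "Mozilla/5.0" 950 0.010 [knime-minio-9000] [] 10.42.0.17:9000 65536 0.010 200 a2',
    # 3: external client listing the job bucket without pre-signed parameters: suspicious
    '203.0.113.7 - - [31/Mar/2025:09:03:01 +0000] "GET /knime-execution-jobs/?list-type=2&prefix=job-42%2F HTTP/1.1" 200 2048 "-" "aws-cli/2.15.0" 380 0.005 [knime-minio-9000] [] 10.42.0.17:9000 2048 0.005 200 a3',
    # 4: external client, unrelated path: ignore
    '198.51.100.22 - - [31/Mar/2025:09:04:10 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "kube-probe/1.29" 120 0.001 [knime-hub-80] [] 10.42.0.30:8080 2 0.001 200 a4',
    # 5: external client writing job data, signed via headers (no X-Amz-* in query): suspicious
    '198.51.100.22 - - [31/Mar/2025:09:05:59 +0000] "PUT /knime-execution-jobs/job-42/payload.bin HTTP/1.1" 200 0 "-" "aws-sdk-java/2.20" 1500 0.020 [knime-minio-9000] [] 10.42.0.17:9000 0 0.020 200 a5',
]

if __name__ == "__main__":
    for lineno, addr, method, path in find_suspicious(SAMPLE_LOG):
        print(f"line {lineno}: {addr} {method} {path}")
```

Two caveats when running this against real logs. First, $remote_addr is the TCP peer of the ingress controller: if the controller sits behind a load balancer that does not pass the client address through (proxy protocol or forwarded headers), every external client appears as the load balancer's IP. The external-versus-internal test still works, since that IP is outside the cluster CIDRs, but attribution to a specific client is lost. Second, requests made with the static MinIO credential through an S3 SDK or CLI are signed in the Authorization header, which the default access log does not record; the absence of X-Amz-Signature and X-Amz-Credential in the query string is therefore the observable that distinguishes them from legitimate pre-signed URLs, as the advisory states.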

If you have any questions or require additional guidance, please contact support@knime.com