Vulnerability Details CVE-2025-3019
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data.
The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module.
There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub:
* 1.13.3 or later
* 1.12.4 or later
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.3%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2025-3019
-
cpe:2.3:a:knime:business_hub:-
-
cpe:2.3:a:knime:business_hub:1.1.1
-
cpe:2.3:a:knime:business_hub:1.10.0
-
cpe:2.3:a:knime:business_hub:1.10.1
-
cpe:2.3:a:knime:business_hub:1.10.2
-
cpe:2.3:a:knime:business_hub:1.10.3
-
cpe:2.3:a:knime:business_hub:1.10.4
-
cpe:2.3:a:knime:business_hub:1.11.0
-
cpe:2.3:a:knime:business_hub:1.11.1
-
cpe:2.3:a:knime:business_hub:1.11.2
-
cpe:2.3:a:knime:business_hub:1.11.3
-
cpe:2.3:a:knime:business_hub:1.11.4
-
cpe:2.3:a:knime:business_hub:1.12.0
-
cpe:2.3:a:knime:business_hub:1.12.1
-
cpe:2.3:a:knime:business_hub:1.12.2
-
cpe:2.3:a:knime:business_hub:1.12.3
-
cpe:2.3:a:knime:business_hub:1.13.0
-
cpe:2.3:a:knime:business_hub:1.13.1
-
cpe:2.3:a:knime:business_hub:1.13.2
-
cpe:2.3:a:knime:business_hub:1.2.0
-
cpe:2.3:a:knime:business_hub:1.3.0
-
cpe:2.3:a:knime:business_hub:1.4.0
-
cpe:2.3:a:knime:business_hub:1.4.1
-
cpe:2.3:a:knime:business_hub:1.4.2
-
cpe:2.3:a:knime:business_hub:1.5.0
-
cpe:2.3:a:knime:business_hub:1.5.1
-
cpe:2.3:a:knime:business_hub:1.5.2
-
cpe:2.3:a:knime:business_hub:1.6.0
-
cpe:2.3:a:knime:business_hub:1.7.0
-
cpe:2.3:a:knime:business_hub:1.8.0
-
cpe:2.3:a:knime:business_hub:1.8.1
-
cpe:2.3:a:knime:business_hub:1.8.2
-
cpe:2.3:a:knime:business_hub:1.8.3
-
cpe:2.3:a:knime:business_hub:1.9.0