CVE-2025-3019

Published: Mar 31, 2025

Modified: Mar 31, 2025

PUBLISHED

Description

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.3 or later * 1.12.4 or later

Vendor	Product	Versions
KNIME	KNIME Business Hub	affected `1.13.0 - < 1.13.3` affected `1.12.0 - < 1.12.4`

Weaknesses (CWE)

CWE-79

References

https://www.knime.com/security/advisories#CVE-2025-3019

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-3019

Description

Affected Products

Weaknesses (CWE)

References