CVE-2025-11240 MEDIUM

CVE-2025-11240: Open redirect vulnerability in KNIME Business Hub

Vendor Knime

Product KNIME Business Hub

Weakness CWE-601 · Open redirect

Published October 2, 2025

Last update October 2, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/U:Green

What the vulnerability does

01Description

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.

Key dates

02Disclosure timeline

October 2, 2025 CVE published

October 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-11240 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

CVE-2025-11240: Open redirect vulnerability in KNIME Business Hub

01Description

02Disclosure timeline

03References

04Related CVE