CVE-2025-2787 HIGH

CVE-2025-2787: Ingress-nginx vulnerability in KNIME Business Hub

Vendor Knime

Product KNIME Business Hub

Published March 26, 2025

Last update April 8, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

What the vulnerability does

Description

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: * 1.13.3 or above * 1.12.4 or above * 1.11.4 or above * 1.10.4 or above *

Key dates

Disclosure timeline

March 26, 2025 CVE published

April 8, 2025 Record updated

Identifiers

CVE CVE-2025-2787

CVSS 8.7 / HIGH

Affected versions

Vendor Knime

Product KNIME Business Hub

Affected ≥ 1.13.0 and ≤ 1.13.2

Vendor Knime

Product KNIME Business Hub

Affected ≥ 1.12.0 and ≤ 1.12.3

Vendor Knime

Product KNIME Business Hub

Affected ≥ 1.11.0 and ≤ 1.11.3

Vendor Knime

Product KNIME Business Hub

Affected ≤ 1.10.3