CVE-2025-3019 MEDIUM

CVE-2025-3019: Cross-site scripting vulnerabilities in KNIME Business Hub web pages

Vendor Knime

Product KNIME Business Hub

Weakness CWE-79 · XSS

Published March 31, 2025

Last update March 31, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/AU:Y/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01Description

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.3 or later * 1.12.4 or later

Key dates

02Disclosure timeline

March 31, 2025 CVE published

March 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-3019 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2025-3019

CWE CWE-79

CVSS 5.3 / MEDIUM

Affected versions

Vendor Knime

Product KNIME Business Hub

Affected ≥ 1.13.0 and < 1.13.3

Vendor Knime

Product KNIME Business Hub

Affected ≥ 1.12.0 and < 1.12.4

CVE-2025-3019: Cross-site scripting vulnerabilities in KNIME Business Hub web pages

01Description

02Disclosure timeline

03References

04Related CVE