CVE-2025-2787 (GCVE-0-2025-2787)
Vulnerability from cvelistv5
Published
2025-03-26 21:08
Modified
2025-04-08 20:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.
Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub:
* 1.13.3 or above
* 1.12.4 or above
* 1.11.4 or above
* 1.10.4 or above
*
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KNIME | KNIME Business Hub |
Version: 1.13.0 ≤ 1.13.2 Version: 1.12.0 ≤ 1.12.3 Version: 1.11.0 ≤ 1.11.3 Version: 0 ≤ 1.10.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T13:23:10.416717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:34:43.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KNIME Business Hub",
"vendor": "KNIME",
"versions": [
{
"lessThanOrEqual": "1.13.2",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.12.3",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.11.3",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.10.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eKNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eBesides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e1.13.3 or above \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e1.12.4 or above \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e1.11.4 or above \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e1.10.4 or above\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.\n\n\n\nBesides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: \n\n\n\n * 1.13.3 or above \n\n\n\n\n\n\n * 1.12.4 or above \n\n\n\n\n\n\n * 1.11.4 or above \n\n\n\n\n\n\n * 1.10.4 or above\n\n\n\n\n\n\n\n\n *"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T06:12:58.928Z",
"orgId": "296541fb-a0e3-4ca7-ab3d-683e666d143e",
"shortName": "KNIME"
},
"references": [
{
"url": "https://www.knime.com/security-advisory-cve-2025-2787"
}
],
"source": {
"discovery": "UPSTREAM"
},
"title": "Ingress-nginx vulnerability in KNIME Business Hub",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eFor a workaround see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.knime.com/security-advisory-cve-2025-2787\"\u003ehttps://www.knime.com/security-advisory-cve-2025-2787\u003c/a\u003e.\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "For a workaround see https://www.knime.com/security-advisory-cve-2025-2787 ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "296541fb-a0e3-4ca7-ab3d-683e666d143e",
"assignerShortName": "KNIME",
"cveId": "CVE-2025-2787",
"datePublished": "2025-03-26T21:08:08.461Z",
"dateReserved": "2025-03-25T12:49:37.982Z",
"dateUpdated": "2025-04-08T20:34:43.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"KNIME Business Hub\", \"vendor\": \"KNIME\", \"versions\": [{\"lessThanOrEqual\": \"1.13.2\", \"status\": \"affected\", \"version\": \"1.13.0\", \"versionType\": \"semver\"}, {\"lessThanOrEqual\": \"1.12.3\", \"status\": \"affected\", \"version\": \"1.12.0\", \"versionType\": \"semver\"}, {\"lessThanOrEqual\": \"1.11.3\", \"status\": \"affected\", \"version\": \"1.11.0\", \"versionType\": \"semver\"}, {\"lessThanOrEqual\": \"1.10.3\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eKNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eBesides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e1.13.3 or above \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e1.12.4 or above \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e1.11.4 or above \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e1.10.4 or above\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\"}], \"value\": \"KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.\\n\\n\\n\\nBesides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: \\n\\n\\n\\n * 1.13.3 or above \\n\\n\\n\\n\\n\\n\\n * 1.12.4 or above \\n\\n\\n\\n\\n\\n\\n * 1.11.4 or above \\n\\n\\n\\n\\n\\n\\n * 1.10.4 or above\\n\\n\\n\\n\\n\\n\\n\\n\\n *\"}], \"metrics\": [{\"cvssV4_0\": {\"Automatable\": \"NO\", \"Recovery\": \"USER\", \"Safety\": \"NOT_DEFINED\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"attackVector\": \"NETWORK\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"providerUrgency\": \"AMBER\", \"subAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"valueDensity\": \"CONCENTRATED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/AU:N/R:U/V:C/RE:M/U:Amber\", \"version\": \"4.0\", \"vulnAvailabilityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"providerMetadata\": {\"orgId\": \"296541fb-a0e3-4ca7-ab3d-683e666d143e\", \"shortName\": \"KNIME\", \"dateUpdated\": \"2025-03-31T06:12:58.928Z\"}, \"references\": [{\"url\": \"https://www.knime.com/security-advisory-cve-2025-2787\"}], \"source\": {\"discovery\": \"UPSTREAM\"}, \"title\": \"Ingress-nginx vulnerability in KNIME Business Hub\", \"workarounds\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cdiv\u003eFor a workaround see \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.knime.com/security-advisory-cve-2025-2787\\\"\u003ehttps://www.knime.com/security-advisory-cve-2025-2787\u003c/a\u003e.\u003c/div\u003e\u003cbr\u003e\"}], \"value\": \"For a workaround see https://www.knime.com/security-advisory-cve-2025-2787 .\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2787\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-27T13:23:10.416717Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-27T13:25:29.740Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-2787\", \"assignerOrgId\": \"296541fb-a0e3-4ca7-ab3d-683e666d143e\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"KNIME\", \"dateReserved\": \"2025-03-25T12:49:37.982Z\", \"datePublished\": \"2025-03-26T21:08:08.461Z\", \"dateUpdated\": \"2025-04-08T20:34:43.840Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…