CVE-2025-2787

216.73.217.174

· Published 26/03/2025 21:15 · Modified 27/03/2025 16:45

Labels: CVE-2025-2787 2025-03-26 CVE-2025-2787 CWE-94 [email protected]

Essential information

Published: 26/03/2025 21:15
Modified: 27/03/2025 16:45
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: * 1.13.3 or above * 1.12.4 or above * 1.11.4 or above * 1.10.4 or above *

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
knime / business hub	`cpe:2.3:a:knime:business_hub:1.13.3:::::::*`
knime / business hub	`cpe:2.3:a:knime:business_hub:1.12.4:::::::*`
knime / business hub	`cpe:2.3:a:knime:business_hub:1.11.4:::::::*`
knime / business hub	`cpe:2.3:a:knime:business_hub:1.10.4:::::::*`