CVE-2025-3019

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary JavaScript may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug (https://github.com/Baroshem/nuxt-security/issues/610) in the widely used nuxt-security module. There are no viable workarounds; we therefore strongly recommend updating to one of the following versions of KNIME Business Hub:
  • 1.13.3 or later
  • 1.12.4 or later
References
Configurations

Configuration 1

OR cpe:2.3:a:knime:business_hub:*:*:*:*:*:*:*:*
cpe:2.3:a:knime:business_hub:*:*:*:*:*:*:*:*

History

08 Oct 2025, 17:18

| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:knime:business_hub:*:*:*:*:*:*:*:* |
| References | () https://www.knime.com/security/advisories#CVE-2025-3019 - | () https://www.knime.com/security/advisories#CVE-2025-3019 - Vendor Advisory |
| First Time | | Knime; Knime business Hub |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.2 |

01 Apr 2025, 20:26

Type Values Removed Values Added
Summary
  • (es) KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary JavaScript code may be executed with their permissions. This can lead to information loss or modification of existing data. The issues are caused by a bug (https://github.com/Baroshem/nuxt-security/issues/610) in the widely used nuxt-security module. There are no viable workarounds, so we strongly recommend updating to one of the following versions of KNIME Business Hub: * 1.13.3 or later * 1.12.4 or later

31 Mar 2025, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-31 07:15

Updated : 2025-10-08 17:18


NVD link : CVE-2025-3019

Mitre link : CVE-2025-3019

CVE.ORG link : CVE-2025-3019



Products Affected

knime

  • business_hub
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')