CVE-2025-2787
HIGH
KNIME Business Hub 1.10.0-1.10.3 - Authenticated Remote Code Execution via Ingress-nginx Component
Title source: llm
Description
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 (a.k.a. IngressNightmare) vulnerability, which affects the ingress-nginx component. In the worst case, a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub:
* 1.13.3 or above
* 1.12.4 or above
* 1.11.4 or above
* 1.10.4 or above
References (1)
Core References
Mitigation, Vendor Advisory
https://www.knime.com/security-advisory-cve-2025-2787
Scores
CVSS v3: 8.8
EPSS: 0.0045
EPSS Percentile: 36.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (1)
knime/business_hub: 1.10.0 - 1.10.4
Published: Mar 26, 2025
Tracked Since: Feb 18, 2026