CVE-2025-11240
📋 TL;DR
An open redirect vulnerability in KNIME Business Hub allows unauthenticated attackers to craft malicious links that redirect users to attacker-controlled pages. This affects all users of KNIME Business Hub installations prior to version 1.16.0. The vulnerability enables phishing attacks by abusing legitimate KNIME Business Hub URLs.
💻 Affected Systems
- KNIME Business Hub
⚠️ Risk & Real-World Impact
Worst Case
Users are redirected to sophisticated phishing sites that steal credentials, install malware, or conduct financial fraud, potentially compromising entire organizations through credential harvesting.
Likely Case
Attackers create convincing phishing emails with legitimate-looking KNIME Business Hub links that redirect to credential harvesting pages, leading to account compromise.
If Mitigated
If the reverse proxy or WAF in front of the Hub rejects redirect targets that leave the Hub's own hostname, a crafted link lands the user on the Hub (or an error page) rather than on the attacker's site. User awareness training and mail filtering reduce how many people follow such links but do not remove the vulnerability; only the 1.16.0 upgrade or a proxy-side check does.
🎯 Exploit Status
Open redirect vulnerabilities are trivial to exploit once the vulnerable parameter is known: the attacker crafts a URL on the legitimate Hub hostname whose redirect parameter points at an attacker-controlled site and gets a victim to follow it. No account on the Hub is needed, and the link passes casual inspection because its host is the real Hub. The advisory text reproduced here does not name the parameter, so WAF and proxy rules must be written against the parameter your installation actually uses.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.16.0
Vendor Advisory: https://www.knime.com/security/advisories
Restart Required: Yes
Instructions:
1. Back up your KNIME Business Hub configuration and data.
2. Download KNIME Business Hub 1.16.0 from the official KNIME website.
3. Stop the KNIME Business Hub service.
4. Install version 1.16.0 following the official upgrade guide.
5. Restart the KNIME Business Hub service.
6. Verify the upgrade was successful.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Configure WAF rules to reject requests whose redirect parameter value, after percent-decoding, is an absolute URL (http:// or https://) or a scheme-relative URL (// or /\) pointing anywhere other than the Hub's own hostname. Match on the decoded value: %2F%2Fevil.example is the same link as //evil.example to the browser.
Reverse Proxy Filtering
Configure the reverse proxy to validate redirect targets before they reach the application: accept only site-relative paths (a single leading slash) or absolute URLs whose host is the Hub's own hostname, and rewrite anything else to /. Host checks must be done on the parsed hostname, not with a substring match, or hub.example.com@evil.example and hub.example.com.evil.example slip through.
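The validation the two workarounds above describe, as an added example that is not KNIME's code and not part of the original advisory. It is the check a reverse proxy, WAF rule engine or the application itself should apply before issuing a 30x. The hostname hub.example.com and the test strings are assumptions; the function rejects the usual bypasses of naive host checks (scheme-relative //host, backslash variants, userinfo tricks, scheme-only https:host, non-http schemes and percent-encoded forms of each).

```python
# Added example, not KNIME's code: validate a redirect target the way a reverse
# proxy, WAF or the application in front of KNIME Business Hub should before
# issuing a 30x. The hostname is an assumption; substitute your own Hub host.
from urllib.parse import urlsplit, unquote

ALLOWED_HOSTS = {"hub.example.com"}   # assumed: your own Hub hostname(s)


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for a site-relative path or an absolute http(s) URL on an
    allowlisted host. Rejects the usual bypasses of naive checks:
    //evil.example, /\\evil.example, https://hub.example.com@evil.example,
    https:evil.example, javascript:, and percent-encoded forms of these."""
    if not target:
        return False
    # Decode once: the browser will decode %2F%2Fevil.example into //evil.example.
    candidate = unquote(target).strip()
    # Browsers treat a backslash like a forward slash in the authority part.
    candidate = candidate.replace("\\", "/")
    # Drop control characters that some parsers ignore (e.g. "java\tscript:").
    candidate = "".join(ch for ch in candidate if ch >= " ")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.netloc:
        # Absolute or scheme-relative URL: .hostname strips userinfo and port,
        # so hub.example.com@evil.example is correctly seen as evil.example.
        return parts.hostname in allowed_hosts
    if parts.scheme:
        # "https:evil.example" has a scheme but no authority; browsers may
        # still resolve it off-site, so refuse it.
        return False
    # Plain path: exactly one leading slash, never // (scheme-relative).
    return candidate.startswith("/") and not candidate.startswith("//")


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return the target if it passes validation, else the on-site default."""
    return target if is_safe_redirect(target) else default


if __name__ == "__main__":
    for t in ["/spaces/team", "https://hub.example.com/workflows", "//evil.example",
              "/\\evil.example", "https://hub.example.com@evil.example/",
              "%2F%2Fevil.example", "https:evil.example", "javascript:alert(1)"]:
        print(f"{t!r:45} -> {safe_redirect_target(t)}")
```

The design choice is an allowlist on the parsed hostname with a safe default, never a denylist of bad strings: every rejected case above is a same-origin lookalike that a substring check on "hub.example.com" would have accepted.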
🧯 If You Can't Patch
- Implement strict email filtering for links to the Hub that carry a redirect parameter pointing off-site, and tell users that a link on the Hub's own hostname can still lead elsewhere
- Monitor reverse proxy logs for 30x responses whose Location header leaves the Hub hostname, and block off-site redirect parameter values at the proxy or WAF until the upgrade is possible
🔍 How to Verify
Check if Vulnerable:
Any KNIME Business Hub version below 1.16.0 is affected. Read the version from the admin interface or from the version files in the installation directory.
Check Version:
The version is shown in the KNIME Business Hub admin dashboard; the version.txt file in the installation directory carries the same value.
Verify Fix Applied:
After upgrading to 1.16.0, request the affected endpoint with the redirect parameter set to an off-site target (for example //evil.example and https://evil.example/) and confirm that the response either has no Location header or one that stays on the Hub hostname.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests with redirect parameters pointing to external domains
- A spike in 30x responses from the Hub, especially when many share one external target host
Network Indicators:
- HTTP 302/301 redirects to unexpected external domains
- Patterns of users accessing KNIME Business Hub then immediately being redirected elsewhere
SIEM Query (pseudo-syntax; adapt field names to your SIEM):
source="knime_business_hub" AND (http_status=301 OR http_status=302) AND url CONTAINS "redirect=" AND NOT location CONTAINS "hub.example.com"
Replace redirect= with the Hub's actual redirect parameter name (the advisory text above does not name it), location with the field that holds the response Location header, and hub.example.com with your own Hub hostname. Excluding knime.com is not a useful filter for a self-hosted Hub: the legitimate redirect target is your installation's hostname, not the vendor's.
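The log and network indicators above, run over constructed access-log lines, as an added example that is not KNIME's code and not part of the original advisory. It assumes the reverse proxy in front of the Hub logs the response Location header as the last quoted field (nginx can do this by appending $sent_http_location to its log_format); the parameter names, the hostnames and every log line are constructed for the example. It separates exploitation (a 30x whose Location leaves the Hub) from probing (a redirect parameter that points off-site but did not produce an off-site redirect), which is what distinguishes a pre-1.16.0 Hub from a patched one under the same traffic.

```python
# Added example, not KNIME's code: run the detection logic from this section
# over access-log lines from a reverse proxy in front of KNIME Business Hub.
# Assumed: the proxy logs the response Location header as the final quoted
# field (nginx: append "$sent_http_location" to log_format); the parameter
# names, hostnames and every log line below are constructed for the example.
import re
from urllib.parse import parse_qs, unquote, urlsplit

HUB_HOSTS = {"hub.example.com"}                     # assumed: your Hub hostname(s)
REDIRECT_PARAMS = ("redirect", "returnTo", "next")  # assumed names; use the real one
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed sample: nginx "combined" format plus $sent_http_location.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2025:10:00:01 +0000] "GET /login?redirect=/spaces/team HTTP/1.1" 302 0 "-" "Mozilla/5.0" "/spaces/team"
10.0.0.5 - - [12/Oct/2025:10:00:09 +0000] "GET /login?redirect=https://hub.example.com/workflows HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://hub.example.com/workflows"
203.0.113.7 - - [12/Oct/2025:10:01:13 +0000] "GET /login?redirect=%2F%2Fevil.example%2Flogin HTTP/1.1" 302 0 "-" "Mozilla/5.0" "//evil.example/login"
203.0.113.7 - - [12/Oct/2025:10:01:20 +0000] "GET /login?redirect=https://hub.example.com@evil.example/ HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://hub.example.com@evil.example/"
198.51.100.2 - - [12/Oct/2025:10:02:02 +0000] "GET /login?redirect=https://evil.example/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
10.0.0.8 - - [12/Oct/2025:10:02:30 +0000] "GET /workflows HTTP/1.1" 200 8192 "-" "Mozilla/5.0" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" "(?P<location>[^"]*)"$'
)


def offsite_host(url: str):
    """Host a URL resolves to if it is not one of HUB_HOSTS, else None.
    A site-relative path has no host. Backslashes and userinfo are handled
    the way a browser would, so /\\evil.example and hub@evil.example are off-site."""
    parts = urlsplit(unquote(url).replace("\\", "/"))
    host = parts.hostname
    if host is None or host in HUB_HOSTS:
        return None
    return host


def scan(log_text: str):
    """One finding per line: 'exploited' when the 30x Location left the Hub,
    'attempt' when only the request's redirect parameter pointed off-site."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        status = int(m["status"])
        attempted = None
        for name in REDIRECT_PARAMS:
            for value in parse_qs(urlsplit(m["target"]).query).get(name, []):
                attempted = offsite_host(value) or attempted
        exploited = None
        if status in REDIRECT_STATUSES and m["location"] != "-":
            exploited = offsite_host(m["location"])
        if exploited or attempted:
            findings.append({
                "ip": m["ip"], "ts": m["ts"], "status": status,
                "kind": "exploited" if exploited else "attempt",
                "host": exploited or attempted,
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['kind']:9} {f['ip']:14} {f['status']} -> {f['host']}  ({f['ts']})")
```

On the sample, the two 302 lines from 203.0.113.7 come out as exploited and the 200 line from 198.51.100.2 as an attempt; the two same-site redirects and the plain page load produce nothing. After the 1.16.0 upgrade, the same probes should only ever appear as attempts, which is also a usable post-patch verification signal.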