CVE-2025-14262
📋 TL;DR
This vulnerability in KNIME Business Hub allows authenticated users to save other users' jobs with the original owner's permissions, potentially enabling unauthorized writes to catalog spaces. It affects all KNIME Business Hub users with job access permissions. The issue stems from incorrect permission checks in the catalog service.
💻 Affected Systems
- KNIME Business Hub
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker could overwrite critical business workflows, inject malicious code into shared jobs, or corrupt the catalog service by writing to protected spaces.
Likely Case
Unauthorized modification of shared jobs leading to data integrity issues, workflow disruptions, or privilege escalation within the catalog.
If Mitigated
With proper access controls and monitoring, impact is limited to job manipulation within authorized spaces, but catalog integrity remains at risk.
🎯 Exploit Status
Exploitation requires authenticated access to the Business Hub with permissions to view other users' jobs. The vulnerability is straightforward to trigger once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.17.0
Vendor Advisory: https://www.knime.com/security/advisories#CVE-2025-11239
Restart Required: Yes
Instructions:
1. Backup your KNIME Business Hub configuration and data. 2. Download KNIME Business Hub version 1.17.0 or later from the official KNIME website. 3. Follow the KNIME upgrade documentation for your deployment type (on-premises or cloud). 4. Restart the Business Hub service after upgrade. 5. Verify the fix by testing job saving permissions.
🔧 Temporary Workarounds
No workaround available
allThe vendor advisory states there is no workaround for this vulnerability.
🧯 If You Can't Patch
- Restrict user permissions to only necessary job access and implement strict least-privilege principles.
- Enable detailed audit logging for all job save operations and monitor for unauthorized modifications.
🔍 How to Verify
Check if Vulnerable:
Check the KNIME Business Hub version via the admin interface or by examining the deployment configuration files. Versions below 1.17.0 are vulnerable.Check Version:
Check the web interface admin panel or review the server logs for version information. For command line: grep 'version' /path/to/knime/config files or check the application metadata.Verify Fix Applied:
After upgrading to 1.17.0 or later, test that users cannot save jobs with other users' permissions by attempting to save a job owned by another user to a space where the test user lacks write permissions.📡 Detection & Monitoring
Log Indicators:
- Unusual job save operations from users modifying jobs they don't own
- Catalog service permission errors or unexpected write successes
Network Indicators:
- HTTP POST requests to job save endpoints with mismatched user/job owner identifiers
SIEM Query:
source="knime_business_hub" AND (event="job_save" AND user!=job_owner) OR (event="catalog_write" AND result="success" AND user_permission="insufficient")