CVE-2025-2402

8.6 HIGH

📋 TL;DR

KNIME Business Hub uses a hard-coded, non-random password for its MinIO object store. A remote attacker who knows that password needs no other authentication to read or manipulate job data and to cause a denial of service. All KNIME Business Hub versions except the specific patched releases listed below are affected.

💻 Affected Systems

Products:
  • KNIME Business Hub
Versions: All versions except: 1.13.2+, 1.12.3+, 1.11.3+, 1.10.3+
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Default installations are vulnerable; no special configuration required for exploitation.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of job data integrity, exposure of sensitive business data, and service disruption through DoS attacks.

🟠 Likely Case: Unauthorized access to job data and potential data manipulation by attackers who discover the hard-coded password.

🟢 If Mitigated: Limited impact if network segmentation prevents external access, but internal threats remain.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation possible if service is exposed to internet.
🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of the hard-coded password, but once obtained, attack is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.13.2, 1.12.3, 1.11.3, or 1.10.3

Vendor Advisory: https://www.knime.com/security/advisories#CVE-2025-2402

Restart Required: Yes

Instructions:

1. Download the patched version from KNIME.
2. Back up configuration and data.
3. Stop the KNIME Business Hub service.
4. Install the patched version.
5. Restart the service.
6. Verify functionality.

🔧 Temporary Workarounds

Network Isolation
Applies to: all

  • Restrict network access to KNIME Business Hub and the MinIO object store to trusted IPs only
  • Use firewall rules to block external access to KNIME Business Hub ports

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate KNIME Business Hub from untrusted networks
  • Monitor MinIO object store access logs for unauthorized connection attempts

🔍 How to Verify

Check if Vulnerable:

Check the KNIME Business Hub version; if it is not 1.13.2+, 1.12.3+, 1.11.3+, or 1.10.3+, the system is vulnerable.

Check Version:

Check KNIME Business Hub admin interface or configuration files for version information

Verify Fix Applied:

Verify that the version is a patched release, and confirm that MinIO access with the old hard-coded credentials now fails.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to MinIO object store
  • Unusual data manipulation patterns in job logs

Network Indicators:

  • Unexpected connections to MinIO ports (default 9000, 9001)
  • Large data transfers to object store

SIEM Query:

source="knime_logs" AND (event="unauthorized_access" OR event="minio_auth_failure")
