CVE-2025-2787

8.8 HIGH

📋 TL;DR

This vulnerability in KNIME Business Hub's ingress-nginx component allows authenticated attackers to potentially execute arbitrary code within the Kubernetes cluster. It affects all KNIME Business Hub deployments using vulnerable ingress-nginx versions. The risk is reduced since exploitation requires authenticated access to the cluster.

💻 Affected Systems

Products:
  • KNIME Business Hub
Versions: All versions below 1.13.3, 1.12.4, 1.11.4, and 1.10.4
Operating Systems: Any OS running KNIME Business Hub
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments where the ingress-nginx component is used and accessible from within the cluster.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete takeover of the Kubernetes cluster, allowing full control over all cluster resources and workloads.

🟠 Likely Case: Privilege escalation within the cluster, allowing attackers to access sensitive data or deploy malicious workloads.

🟢 If Mitigated: Limited impact due to authentication requirements and network segmentation controls.

🌐 Internet-Facing: LOW - The vulnerable component is not directly internet-facing according to the advisory.
🏢 Internal Only: MEDIUM - Requires authenticated access to the cluster, but could lead to significant impact if exploited.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access to the Kubernetes cluster and knowledge of the ingress-nginx vulnerability CVE-2025-1974.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: KNIME Business Hub 1.13.3+, 1.12.4+, 1.11.4+, or 1.10.4+

Vendor Advisory: https://www.knime.com/security-advisory-cve-2025-2787

Restart Required: No

Instructions:

1. Back up your KNIME Business Hub configuration and data.
2. Update to one of the patched versions: 1.13.3+, 1.12.4+, 1.11.4+, or 1.10.4+.
3. Verify the update completed successfully.
4. Monitor for any issues post-update.

🔧 Temporary Workarounds

Apply ingress-nginx CVE-2025-1974 workarounds

all

Implement workarounds specific to the underlying ingress-nginx vulnerability CVE-2025-1974

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to the ingress-nginx component
  • Enforce strong authentication and authorization controls for cluster access

🔍 How to Verify

Check if Vulnerable:

Check your KNIME Business Hub version against affected versions. If below 1.13.3, 1.12.4, 1.11.4, or 1.10.4, you are vulnerable.

Check Version:

Check KNIME Business Hub admin interface or deployment configuration for version information.

Verify Fix Applied:

Verify KNIME Business Hub version is 1.13.3+, 1.12.4+, 1.11.4+, or 1.10.4+ after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual ingress-nginx configuration changes
  • Suspicious requests to ingress-nginx endpoints
  • Unexpected pod creation or privilege escalation attempts

Network Indicators:

  • Unusual traffic patterns to/from ingress-nginx services
  • Suspicious internal cluster communications

SIEM Query:

Search for ingress-nginx configuration modifications or privilege escalation attempts in Kubernetes audit logs
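
An added example of the audit-log search described above (not from the KNIME advisory or the ingress-nginx project): a Python filter over Kubernetes audit events in JSON-lines form that flags completed write operations on Ingress objects, on ConfigMaps and pods in the ingress controller's namespace, and on RBAC roles and bindings. The namespace name `ingress-nginx`, the `allowed_users` parameter, and the sample events are assumptions constructed for illustration.

```python
import json

# Assumption: namespace where the ingress-nginx controller runs; adjust to your deployment.
INGRESS_NAMESPACE = "ingress-nginx"
WRITE_VERBS = {"create", "update", "patch", "delete"}
RBAC_RESOURCES = {"clusterroles", "clusterrolebindings", "roles", "rolebindings"}

SAMPLE = [  # constructed audit.k8s.io/v1 events, not real log data
    '{"stage":"ResponseComplete","verb":"create","user":{"username":"alice"},"objectRef":{"resource":"ingresses","namespace":"demo","name":"web"}}',
    '{"stage":"ResponseComplete","verb":"get","user":{"username":"alice"},"objectRef":{"resource":"ingresses","namespace":"demo","name":"web"}}',
    '{"stage":"ResponseComplete","verb":"patch","user":{"username":"system:serviceaccount:ci:deployer"},"objectRef":{"resource":"clusterrolebindings","name":"admin-bind"}}',
    '{"stage":"RequestReceived","verb":"create","user":{"username":"bob"},"objectRef":{"resource":"pods","namespace":"ingress-nginx","name":"x"}}',
]

def classify(event):
    """Return a finding label for one audit event, or None if it is not of interest."""
    ref = event.get("objectRef") or {}
    if event.get("verb") not in WRITE_VERBS:
        return None  # reads (get/list/watch) are too noisy to alert on
    resource, namespace = ref.get("resource"), ref.get("namespace")
    if resource == "ingresses":
        return "ingress-change"
    if namespace == INGRESS_NAMESPACE and resource in {"configmaps", "pods"}:
        return "ingress-namespace-write"
    if resource in RBAC_RESOURCES:
        return "rbac-change"
    return None

def scan(lines, allowed_users=frozenset()):
    """Yield (label, user, verb, target) for flagged events in JSON-lines input."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        # Each request is logged at several stages; count only the completed one.
        if not isinstance(event, dict) or event.get("stage") != "ResponseComplete":
            continue
        label = classify(event)
        user = (event.get("user") or {}).get("username", "?")
        if label and user not in allowed_users:
            ref = event["objectRef"]
            target = f'{ref.get("namespace", "-")}/{ref.get("resource")}/{ref.get("name", "-")}'
            yield label, user, event["verb"], target

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Pass the service accounts that legitimately manage ingress and RBAC objects as `allowed_users` so that only unexpected writers are reported.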
