CVE-2025-3019

7.2 HIGH

📋 TL;DR

KNIME Business Hub contains cross-site scripting vulnerabilities that allow attackers to execute arbitrary JavaScript in users' browsers when they click malicious links or visit compromised pages. This affects all users of KNIME Business Hub versions before 1.13.3 and 1.12.4, potentially leading to data theft or unauthorized modifications.

💻 Affected Systems

Products:
  • KNIME Business Hub
Versions: All versions before 1.13.3 and 1.12.4
Operating Systems: All platforms running KNIME Business Hub
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability originates from a bug in the nuxt-security module that affects web interface components.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, exfiltrate sensitive data, or modify critical business data and configurations.

🟠 Likely Case

Attackers would typically steal session tokens to hijack user accounts, leading to unauthorized access to business data and potential data exfiltration.

🟢 If Mitigated

With proper web application firewalls and input validation controls, the risk reduces to limited information disclosure or minor data manipulation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (clicking malicious link) but exploitation is straightforward once the user is tricked.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.13.3 or 1.12.4

Vendor Advisory: https://www.knime.com/security/advisories#CVE-2025-3019

Restart Required: No

Instructions:

1. Download KNIME Business Hub version 1.13.3 or 1.12.4 from official sources.
2. Back up the current configuration and data.
3. Install the updated version following KNIME's upgrade documentation.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

No viable workarounds

Vendor states there are no viable workarounds for this vulnerability

🧯 If You Can't Patch

  • Implement strict Content Security Policy headers to limit script execution
  • Deploy web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check KNIME Business Hub version via web interface admin panel or system configuration files

Check Version:

Check web interface or consult KNIME documentation for version verification commands

Verify Fix Applied:

Confirm the version is 1.13.3 or higher, or 1.12.4 or higher, and test that XSS payloads are properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript payloads in HTTP requests
  • Suspicious redirects or script injection attempts in access logs

Network Indicators:

  • Malicious script tags in HTTP traffic
  • Suspicious external script loads from KNIME interface

SIEM Query:

source="knime_logs" AND (http_request CONTAINS "<script>" OR http_request CONTAINS "javascript:")
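
The query above matches only the literal strings `<script>` and `javascript:`, so a percent-encoded request passes unnoticed. The following added example (not from the KNIME advisory or product) decodes the request target before applying the same two indicators; the combined access-log format, paths and addresses are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Request target inside a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')
# Same two indicators as the SIEM query, case-insensitive and tolerant of
# whitespace or attributes after "<script".
SUSPICIOUS = re.compile(r"<\s*script\b|javascript\s*:", re.IGNORECASE)

# Constructed sample lines; paths and addresses are illustrative only.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2025:10:00:01 +0000] "GET /hub/search?q=workflow HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Apr/2025:10:00:07 +0000] "GET /hub/search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 530',
    '198.51.100.5 - - [01/Apr/2025:10:01:12 +0000] "GET /hub/redirect?next=%256Aavascript%253Aalert(1) HTTP/1.1" 302 0',
    '192.0.2.10 - - [01/Apr/2025:10:02:30 +0000] "GET /hub/docs/javascript-nodes HTTP/1.1" 200 2048',
]


def decode_fully(value, max_rounds=3):
    """Undo up to max_rounds of percent-encoding so double-encoded input is seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_requests(log_lines):
    """Return (line_number, decoded_target) for requests matching an indicator."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the assumed format
        decoded = decode_fully(match.group(1))
        if SUSPICIOUS.search(decoded):
            hits.append((number, decoded))
    return hits


if __name__ == "__main__":
    for number, target in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Lines 2 and 3 of the sample are flagged only after decoding; the benign `javascript-nodes` path on line 4 is not, because the pattern requires the scheme colon.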
