Cyber Posture

CVE-2025-2402

High

Published: 31 March 2025
Modified: 08 October 2025
KEV Added
Patch
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
EPSS Score: 0.0050 (66.0th percentile)
Risk Priority: 17 (weighted 60% EPSS · 20% KEV · 20% CVSS)


Security Summary

CVE-2025-2402 is a vulnerability involving a hard-coded, non-random password in the MinIO object store component of KNIME Business Hub, affecting all versions except 1.13.2 or later, 1.12.3 or later, 1.11.3 or later, and 1.10.3 or later. Classified under CWE-259 (Use of Hard-coded Password), it has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H), indicating high severity because it is reachable over the network and requires neither privileges nor user interaction.

An unauthenticated remote attacker who obtains the hard-coded password can use it to read and manipulate swapped jobs, as well as the input and output data of active jobs in KNIME Business Hub. The attacker can also cause a denial-of-service condition affecting most functionality by writing large amounts of data directly to the object store.

KNIME advisories state there are no viable workarounds and strongly recommend updating to one of the patched versions listed above. Further details are available in the official KNIME security advisory at https://www.knime.com/security/advisories#CVE-2025-2402 and the GitHub advisory at https://github.com/advisories/GHSA-v5p7-3387-gpmg.

Details

CWE(s)
CWE-259

Affected Products

knime
business hub
≤ 1.10.3 · 1.11.0 — 1.11.3 · 1.12.0 — 1.12.3

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.003 Application Exhaustion Flood (Impact)
Adversaries may target resource-intensive features of applications to cause a denial of service (DoS), denying availability to those applications.

T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

The hard-coded password in the exposed MinIO object store enables default-account abuse (T1078.001) and exploitation of a public-facing application (T1190), giving an unauthenticated remote attacker the ability to read and manipulate stored data (T1565.001) and to cause a DoS through resource exhaustion (T1499.003).
