CVE-2025-2787
Published: 26 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-2787 affects KNIME Business Hub deployments through its use of the ingress-nginx component, which is vulnerable to CVE-2025-1974, also known as IngressNightmare. This code injection vulnerability, classified under CWE-94, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue stems from the ingress-nginx controller's handling of certain configurations, enabling remote code execution within the Kubernetes environment where KNIME Business Hub operates.
Exploitation requires an authenticated user with access from within the Kubernetes cluster, limiting the attack surface compared to fully public exposures. A successful attack could allow the adversary to achieve remote code execution on the ingress-nginx pod, potentially leading to a complete takeover of the Kubernetes cluster in the worst case. While the cluster-internal reachability slightly reduces the contextual severity for KNIME Business Hub, the high-impact potential warrants immediate attention.
The KNIME security advisory recommends applying publicly known workarounds for CVE-2025-1974 alongside updating to patched versions of KNIME Business Hub: 1.13.3 or later, 1.12.4 or later, 1.11.4 or later, or 1.10.4 or later. Full details are available at https://www.knime.com/security-advisory-cve-2025-2787.
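The fixed releases listed above can be turned into an inventory check. The following is an added example, not code from KNIME or from the advisory; the deployment names and versions in the sample are constructed. It assumes each "or later" applies within its own release line, that release lines newer than 1.13 count as "1.13.3 or later", and that lines older than 1.10 have no fixed release named here.

```python
import re

# Minimum fixed patch release per release line, taken from the advisory text:
# 1.10.4, 1.11.4, 1.12.4 and 1.13.3.
FIXED = {(1, 10): 4, (1, 11): 4, (1, 12): 4, (1, 13): 3}


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' (optional leading 'v') into a tuple of ints."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(version):
    """Classify one KNIME Business Hub version against the fixed releases."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in FIXED:
        # Compare numerically so that 1.12.10 is correctly newer than 1.12.4.
        return "patched" if patch >= FIXED[line] else "update-required"
    if line > max(FIXED):
        # Assumption: release lines after 1.13 count as "1.13.3 or later".
        return "patched"
    # Assumption: older lines have no fixed release named, so flag for review.
    return "not-listed"


def triage_inventory(inventory):
    """Map each deployment name to its triage status."""
    return {name: triage(version) for name, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical deployment names and versions).
    sample = {
        "hub-prod": "1.13.2",
        "hub-staging": "1.13.3",
        "hub-analytics": "1.12.10",
        "hub-legacy": "1.9.7",
    }
    for name, status in triage_inventory(sample).items():
        print(f"{name:14} {sample[name]:8} {status}")
```

A "patched" result covers only the KNIME Business Hub release; the advisory also recommends applying the publicly known workarounds for CVE-2025-1974.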
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The code injection vulnerability enables RCE on the ingress-nginx pod from within the Kubernetes cluster (authenticated internal access is required). This directly facilitates exploitation of remote services for code execution and privilege escalation, potentially leading to full cluster takeover.