VYPR
Unrated severityNVD Advisory· Published Mar 31, 2025· Updated Mar 31, 2025

Cross-site scripting vulnerabilities in KNIME Business Hub web pages

CVE-2025-3019

Description

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module.

There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub:

  • 1.13.3 or later
  • 1.12.4 or later

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Knime/Business Hubllm-fuzzy2 versions
    >=1.12.4, <1.13.3+ 1 more
    • (no CPE)range: >=1.12.4, <1.13.3
    • (no CPE)range: 1.13.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.