CVE-2025-11239
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-02

Last updated on: 2025-10-08

Assigner: KNIME AG

Description
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-02
Last Modified
2025-10-08
Generated
2026-06-16
AI Q&A
2025-10-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11239
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
knime business_hub to 1.16.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves potentially sensitive information in jobs on KNIME Business Hub versions prior to 1.16.0 being visible to all members of the user's team. After version 1.16.0, only metadata of jobs is shown to team members, and only the creator of a job can see all information including input and output data if present.

Impact Analysis

The vulnerability could lead to unintended exposure of sensitive job information to all team members, potentially compromising confidentiality of input and output data within the KNIME Business Hub environment.

Mitigation Strategies

Upgrade KNIME Business Hub to version 1.16.0 or later, as starting with this version only metadata of jobs is shown to team members, and only the creator of a job can see all information including in- and output data. This change mitigates the exposure of potentially sensitive information to all team members.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11239. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart