CVE-2025-11240
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-11240, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-02

Last updated on: 2025-10-08

Assigner: KNIME AG

Description

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-02
Last Modified
2025-10-08
Generated
2026-07-06
AI Q&A
2025-10-02
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
knime business_hub to 1.16.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an open redirect issue in KNIME Business Hub versions prior to 1.16.0. It allows an unauthenticated remote attacker to create a specially crafted link to a legitimate KNIME Business Hub site that, when clicked by a user, redirects them to a web page controlled by the attacker. This can be exploited for phishing or similar attacks.

Impact Analysis

The vulnerability can lead to users being redirected to malicious websites without their knowledge, potentially exposing them to phishing attacks or other harmful activities initiated by attackers.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade KNIME Business Hub to version 1.16.0 or later, where the open redirect issue has been fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11240. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart