CVE-2025-14262
BaseFortify
Publication date: 2025-12-08
Last updated on: 2026-02-27
Assigner: KNIME AG
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| knime | business_hub | up to 1.17.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-708 | The product assigns an owner to a resource, but the owner is outside of the intended control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an incorrect permission check in KNIME Business Hub before version 1.17.0 that allows an authenticated user to save jobs belonging to other users as if they were the job owners. Although the attacker must have permission to access the jobs, the flaw lets them save these jobs into the catalog service with the wrong owner permissions, potentially allowing saving into spaces where the attacker does not have write permissions.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an authenticated user with access to jobs to save or overwrite jobs in spaces where they do not have write permissions. This could lead to unauthorized modification or insertion of jobs, potentially disrupting workflows, causing data integrity issues, or enabling privilege escalation within the KNIME Business Hub environment.
What immediate steps should I take to mitigate this vulnerability?
There is no workaround available for this vulnerability. The immediate step is to upgrade KNIME Business Hub to version 1.17.0 or later, where the permission check issue has been fixed.