Cyber Resilience

CVE-2025-2402

High

Published: 31 March 2025

Modified: 08 October 2025
KEV Added
Patch
CVSS Score v4: 8.8
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber
EPSS Score: 0.0094 (76.6th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2402 is a high-severity Use of Hard-coded Password (CWE-259) vulnerability in KNIME Business Hub. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks in the top 23.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-2402 is a hard-coded, non-random password vulnerability affecting the MinIO object store component in KNIME Business Hub across all versions prior to the listed patches. The flaw is an instance of CWE-259: anyone who knows the password can access the object store directly, without otherwise authenticating to KNIME Business Hub.

An unauthenticated remote attacker in possession of the password can read or alter swapped jobs and job input/output data, and can also trigger denial-of-service by writing large volumes of data directly to the store, disrupting most KNIME Business Hub functionality.

Advisories from KNIME and the associated GitHub Security Advisory state there are no viable workarounds and recommend immediate upgrade to versions 1.13.2 or later, 1.12.3 or later, 1.11.3 or later, or 1.10.3 or later.

The EPSS score rose from a low baseline to a peak of 0.0187, indicating emerging exploitation interest after disclosure.

Vulnerability details

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub:

* 1.13.2 or later
* 1.12.3 or later
* 1.11.3 or later
* 1.10.3 or later

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.003 Application Exhaustion Flood (Impact)
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.

T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

The hard-coded password in the exposed MinIO object store enables default account abuse (T1078.001) and exploitation of a public-facing application (T1190). An unauthenticated remote attacker can then read and manipulate stored data (T1565.001) and cause DoS through resource exhaustion (T1499.003).

MITRE ATLAS Techniques AI

AML.T0010: AI Supply Chain Compromise
AML.T0024: Exfiltration via AI Inference API
AML.T0048: External Harms

CVEs Like This One

CVE-2025-3019 · Same product: Knime Business Hub
CVE-2025-2787 · Same product: Knime Business Hub
CVE-2025-59388 · Shared CWE-259
CVE-2025-1100 · Shared CWE-259
CVE-2026-25753 · Shared CWE-259
CVE-2025-70041 · Shared CWE-259
CVE-2025-46067 · Shared CWE-259
CVE-2025-30106 · Shared CWE-259
CVE-2025-70798 · Shared CWE-259
CVE-2026-7251 · Shared CWE-259

Affected Assets

knime
business hub
≤ 1.10.3 · 1.11.0 — 1.11.3 · 1.12.0 — 1.12.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of system flaws like the hard-coded password, enabling patching to fixed KNIME Business Hub versions.

prevent

Mandates secure management of authenticators including prohibiting hard-coded passwords and changing defaults, directly preventing their embedding in components like MinIO.

prevent

Enforces secure configuration settings, such as avoiding hard-coded credentials and using restrictive modes, to mitigate unauthorized access to the object store.
