CVE-2025-2402
Published: 31 March 2025
Summary
CVE-2025-2402 is a high-severity Use of Hard-coded Password (CWE-259) vulnerability in Knime Business Hub. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked in the top 23.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-2402 is a hard-coded, non-random password vulnerability affecting the MinIO object store component in KNIME Business Hub across all versions prior to the listed patches. The flaw stems from CWE-259 and permits direct access to the object store without authentication when the password is known.
An unauthenticated remote attacker in possession of the password can read or alter swapped jobs and job input/output data, and can also trigger denial-of-service by writing large volumes of data directly to the store, disrupting most KNIME Business Hub functionality.
Advisories from KNIME and the associated GitHub Security Advisory state there are no viable workarounds and recommend immediate upgrade to versions 1.13.2 or later, 1.12.3 or later, 1.11.3 or later, or 1.10.3 or later.
The EPSS score rose from a low baseline to a peak of 0.0187, indicating emerging exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8704
Vulnerability details
A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and…
more
manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.2 or later * 1.12.3 or later * 1.11.3 or later * 1.10.3 or later
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Hard-coded password in exposed MinIO object store enables default account abuse (T1078.001) and exploitation of public-facing app (T1190) for unauthenticated remote read/manipulate of stored data (T1565.001) and DoS via resource exhaustion (T1499.003).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of system flaws like the hard-coded password, enabling patching to fixed KNIME Business Hub versions.
Mandates secure management of authenticators including prohibiting hard-coded passwords and changing defaults, directly preventing their embedding in components like MinIO.
Enforces secure configuration settings that avoid hard-coded credentials and restrictive modes to mitigate unauthorized access to the object store.