Cyber Resilience

CVE-2025-3019

Medium

Published: 31 March 2025

Published
31 March 2025
Modified
08 October 2025
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Amber
EPSS Score 0.0042 62.1th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-3019 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Knime Business Hub. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-3019 is a set of cross-site scripting (XSS) vulnerabilities, classified under CWE-79, affecting KNIME Business Hub web pages. These flaws stem from a bug in the widely used nuxt-security module, as documented in GitHub issue #610. The vulnerabilities have a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N), indicating high severity due to network accessibility, low attack complexity, no required privileges, and cross-origin impact with limited confidentiality and integrity effects.

Attackers can exploit these XSS issues by crafting malicious links or web pages that, when accessed by a legitimate KNIME Business Hub user, trigger execution of arbitrary JavaScript in the victim's browser context. This grants the script the user's permissions, potentially enabling theft, loss, or modification of sensitive data within the application. No authentication is needed on the attacker's side, making it feasible for remote unauthenticated actors to target users via phishing or malicious sites.

The KNIME security advisory provides no viable workarounds and urges immediate updates to KNIME Business Hub version 1.13.3 or later, or 1.12.4 or later for affected branches. Full details are available at https://www.knime.com/security/advisories#CVE-2025-3019.

EU & UK References

Vulnerability details

KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can…

more

lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.3 or later * 1.12.4 or later

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
Why these techniques?

XSS in public-facing web app enables exploitation via malicious links leading to arbitrary JavaScript execution in browser.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-2402Same product: Knime Business Hub
CVE-2025-2787Same product: Knime Business Hub
CVE-2026-3231Shared CWE-79
CVE-2025-23481Shared CWE-79
CVE-2025-69302Shared CWE-79
CVE-2025-23734Shared CWE-79
CVE-2025-23571Shared CWE-79
CVE-2025-65110Shared CWE-79
CVE-2026-24948Shared CWE-79
CVE-2025-27352Shared CWE-79

Affected Assets

knime
business hub
≤ 1.12.4 · 1.13.0 — 1.13.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 mandates timely flaw remediation through patching, directly addressing the requirement to update KNIME Business Hub to versions that fix the nuxt-security bug causing XSS vulnerabilities.

prevent

SI-10 requires validation of all information inputs, preventing the injection of malicious JavaScript payloads that exploit the XSS flaws in web pages.

prevent

SI-15 enforces filtering and sanitization of information outputs, blocking the execution of arbitrary JavaScript in users' browsers when rendering affected web pages.

References