CVE-2025-3019
Published: 31 March 2025
Summary
CVE-2025-3019 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Knime Business Hub. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 mandates timely flaw remediation through patching, directly addressing the requirement to update KNIME Business Hub to versions that fix the nuxt-security bug causing XSS vulnerabilities.
SI-10 requires validation of all information inputs, preventing the injection of malicious JavaScript payloads that exploit the XSS flaws in web pages.
SI-15 enforces filtering and sanitization of information outputs, blocking the execution of arbitrary JavaScript in users' browsers when rendering affected web pages.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS in public-facing web app enables exploitation via malicious links leading to arbitrary JavaScript execution in browser.
NVD Description
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can…
more
lead to information loss and/or modification of existing data. The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.3 or later * 1.12.4 or later
Deeper analysisAI
CVE-2025-3019 is a set of cross-site scripting (XSS) vulnerabilities, classified under CWE-79, affecting KNIME Business Hub web pages. These flaws stem from a bug in the widely used nuxt-security module, as documented in GitHub issue #610. The vulnerabilities have a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N), indicating high severity due to network accessibility, low attack complexity, no required privileges, and cross-origin impact with limited confidentiality and integrity effects.
Attackers can exploit these XSS issues by crafting malicious links or web pages that, when accessed by a legitimate KNIME Business Hub user, trigger execution of arbitrary JavaScript in the victim's browser context. This grants the script the user's permissions, potentially enabling theft, loss, or modification of sensitive data within the application. No authentication is needed on the attacker's side, making it feasible for remote unauthenticated actors to target users via phishing or malicious sites.
The KNIME security advisory provides no viable workarounds and urges immediate updates to KNIME Business Hub version 1.13.3 or later, or 1.12.4 or later for affected branches. Full details are available at https://www.knime.com/security/advisories#CVE-2025-3019.
Details
- CWE(s)