Jobs can be saved as workflows with wrong permissions on...

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Green

Description

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions.

There is no workaround.

Basic Information

ID CVE-2025-14262

Source KNIME

Published Dec 8, 2025 at 09:34

Affected Product

Vendor KNIME

Product KNIME Business Hub

Affected Versions KNIME KNIME Business Hub 0

CWE Classification

CWE-708

References

www.knime.com /security/advisories

{
    "lastseen": "",
    "description": "A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions.\n\nThere is no workaround.",
    "published": "2025-12-08T09:34:45.784Z",
    "modified": "2025-12-08T09:34:45.784Z",
    "type": "cve",
    "title": "Jobs can be saved as workflows with wrong permissions on KNIME Business Hub",
    "source": "KNIME",
    "references": "https://www.knime.com/security/advisories#CVE-2025-11239",
    "id": "CVE-2025-14262",
    "bulletinFamily": "",
    "cwe": [
        "CWE-708"
    ],
    "cvelist": null,
    "sourceData": "KNIME KNIME Business Hub 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Green",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "KNIME Business Hub",
    "version": "0",
    "vendor": "KNIME",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Jobs can be saved as workflows with wrong permissions on KNIME Business Hub_CVE-2025-14262