What is CVE-2025-2402?

CVE-2025-2402 is a vulnerability in Knime Business Hub, classified under Use of Hard-coded Password. Published 2025-03-31.

Is CVE-2025-2402 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Knime Business Hub

CVE-2025-2402

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs o…

EPSS: 0.009 (76.6th percentile) — read the EPSS interpretation.

Affected products

Knime Business Hub — versions 1.13.0, 1.12.0, 1.11.0

Weakness classification (CWE)

CWE-259 — Use of Hard-coded Password

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.knime.com/security/advisories

Frequently asked questions

What is CVE-2025-2402?: CVE-2025-2402 is a vulnerability in Knime Business Hub, classified under Use of Hard-coded Password. Published 2025-03-31.
Is CVE-2025-2402 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.