KNIME Business Hub XSS in web pages – update to 1.13.3/1.12.4+
CVE-2025-3019 Published on March 31, 2025
Cross-site scripting vulnerabilities in KNIME Business Hub web pages
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary Java Script may be executed with this user's permissions. This can lead to information loss and/or modification of existing data.
The issues are caused by a bug https://github.com/Baroshem/nuxt-security/issues/610 in the widely used nuxt-security module.
There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub:
* 1.13.3 or later
* 1.12.4 or later
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2025-3019 has been classified to as a XSS vulnerability or weakness.
Affected Versions
KNIME Business Hub:- Version 1.13.0 and below 1.13.3 is affected.
- Version 1.12.0 and below 1.12.4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.