CVE-2025-14262 — MEDIUM (4.3)

Q: How severe is CVE-2025-14262?

CVE-2025-14262 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-14262?

Check the references section above for vendor advisories and patch information. Affected products include: Knime Business Hub.

Vulnerability Description

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions. There is no workaround.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Knime	Business Hub	< 1.17.0

Related Weaknesses (CWE)

CWE-708

References

https://www.knime.com/security/advisories#CVE-2025-11239Vendor Advisory

FAQ

What is CVE-2025-14262?

CVE-2025-14262 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissio...

How severe is CVE-2025-14262?

CVE-2025-14262 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-14262?

Check the references section above for vendor advisories and patch information. Affected products include: Knime Business Hub.