CVE-2025-14262

MEDIUM
Published Dec 8, 2025 Modified Feb 27, 2026 CWE-708

Description

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions. There is no workaround.

CVSS v3.1 Score

4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Weakness Type (CWE)

CWE-708 CWE-708

Affected Products

Vendor Product
knime business_hub

References

Frequently Asked Questions

What is CVE-2025-14262? +
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions. There is no workaround. It has a CVSS v3.1 base score of 4.3 (MEDIUM).
How severe is CVE-2025-14262? +
CVE-2025-14262 has a CVSS v3.1 score of 4.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2025-14262? +
CVE-2025-14262 affects products from knime, specifically: business_hub. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-14262? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-40196 8.1

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained …
CVE-2024-52561 7.8

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a …
CVE-2023-29122 6.7

Under certain conditions, access to service libraries is granted to account they should not have access to.
CVE-2024-41773 6.5

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper …
CVE-2024-45417 6.0

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user …
CVE-2024-45426 4.9

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-14262 — free, no signup required.

Start Free Scan