How severe is CVE-2025-2402?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-2402?

This is classified as CWE-259, which is a common weakness in software security.

CVE-2025-2402

HIGH Year: 2025

Weakness Type

CWE-259

View all →

Vulnerability Description

A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly. There are no viable workarounds therefore we strongly recommend to update to one of the following versions of KNIME Business Hub: * 1.13.2 or later * 1.12.3 or later * 1.11.3 or later * 1.10.3 or later

CVE-2024-32741

CRITICAL

CVSS:10.0(Critical)

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot load...

CWE-2592024

CVE-2014-125030

CRITICAL

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The ...

CWE-2592014

CVE-2014-5434

CRITICAL

CVSS:9.8(Critical)

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter a...

CWE-2592014

CVE-2015-3953

CRITICAL

CVSS:9.8(Critical)

Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. H...

CWE-2592015

CVE-2016-9358

CRITICAL

CVSS:9.8(Critical)

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bi...

CWE-2592016

CVE-2017-20039

CRITICAL

CVSS:9.8(Critical)

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to...

CWE-2592017

CVE-2025-2402

Vulnerability Description

Related Vulnerabilities

CVE-2024-32741

CVE-2014-125030

CVE-2014-5434

CVE-2015-3953

CVE-2016-9358

CVE-2017-20039