
CVE-2025-11240: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in KNIME KNIME Business Hub

Severity: Medium
Tags: Vulnerability, CVE-2025-11240, CWE-601
Published: Thu Oct 02 2025 (10/02/2025, 12:30:33 UTC)
Source: CVE Database V5
Vendor/Project: KNIME
Product: KNIME Business Hub

Description

An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attacker's choice. This might open the possibility for phishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.

AI-Powered Analysis

Last updated: 10/02/2025, 12:50:03 UTC

Technical Analysis

CVE-2025-11240 is an open redirect vulnerability (CWE-601) identified in the KNIME Business Hub software prior to version 1.16.0. This vulnerability allows an unauthenticated remote attacker to craft a malicious URL that appears to originate from a legitimate KNIME Business Hub installation. When a user clicks on this crafted link, they are redirected to an attacker-controlled external website. Because the initial URL appears trustworthy, this can facilitate phishing attacks or other social engineering exploits by leveraging the user's trust in the legitimate KNIME Business Hub domain. The vulnerability does not require any authentication or privileges and can be exploited simply by convincing a user to click on the malicious link. The CVSS 4.0 base score is 5.3 (medium severity), reflecting that the attack vector is network-based, requires no privileges or authentication, but does require user interaction (clicking the link). The impact is limited to confidentiality as the redirect could lead to phishing or malware sites, but does not directly compromise the integrity or availability of the KNIME Business Hub itself. The issue has been addressed in KNIME Business Hub version 1.16.0, and users are advised to upgrade to this or later versions to mitigate the risk.

Potential Impact

For European organizations using KNIME Business Hub, this vulnerability poses a moderate risk primarily through social engineering and phishing attacks. Attackers could exploit the open redirect to trick employees into visiting malicious sites that harvest credentials, deploy malware, or conduct further attacks. This could lead to data breaches, credential compromise, or lateral movement within the organization. While the vulnerability does not directly allow system compromise, the indirect effects via phishing could be significant, especially in sectors with sensitive data such as finance, healthcare, and research institutions prevalent in Europe. The ease of exploitation (no authentication needed) increases the likelihood of phishing campaigns leveraging this vulnerability. Organizations relying heavily on KNIME Business Hub for business analytics or data workflows should be particularly cautious, as attackers may exploit trust in this platform to increase phishing success rates.

Mitigation Recommendations

1. Immediate upgrade of KNIME Business Hub installations to version 1.16.0 or later, where the open redirect vulnerability is fixed.
2. Implement strict URL filtering and validation on the server side to prevent untrusted redirects if upgrading is temporarily not possible.
3. Educate employees about the risks of clicking on unexpected or suspicious links, even if they appear to come from trusted internal platforms.
4. Deploy email security solutions that detect and block phishing attempts, including those leveraging open redirect vulnerabilities.
5. Monitor logs for unusual redirect patterns or spikes in user redirection to external sites.
6. Use web proxies or secure web gateways that can block access to known malicious domains that could be targeted via the redirect.
7. Apply Content Security Policy (CSP) headers where applicable to restrict navigation to trusted domains.
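Recommendation 2 above asks for server-side validation of the redirect target. The following is an added illustration of such a check, not code from KNIME or from this advisory; it assumes a hypothetical hub hostname (`hub.example.internal`) and applies the same normalisations a browser applies to a Location value before deciding whether the target stays on the site. It rejects the scheme-relative, backslash, embedded-whitespace and userinfo forms that a naive "starts with /" or "contains my hostname" check lets through.

```python
"""Validating a user-supplied redirect target (CWE-601 mitigation).

Added example; TRUSTED_HOSTS is a hypothetical allowlist, not a KNIME value.
"""
from urllib.parse import urlsplit

# Hypothetical: the hub's own public hostname(s), lower-case.
TRUSTED_HOSTS = {"hub.example.internal"}
FALLBACK = "/"


def normalize(target: str) -> str:
    """Apply the normalisations a browser applies to a Location value,
    so the check sees the same string the browser will resolve."""
    # Browsers drop ASCII tab/newline anywhere and trim surrounding whitespace.
    target = "".join(c for c in target if c not in "\t\r\n").strip()
    # For http(s) URLs browsers treat '\' as '/', so '/\evil' == '//evil'.
    return target.replace("\\", "/")


def is_safe_redirect_target(target: str) -> bool:
    """True only for same-site targets: a root-relative path, or an
    absolute http(s) URL whose host is on the allowlist."""
    if not target:
        return False
    t = normalize(target)
    # '//host', '///host', ... are all resolved as scheme-relative URLs.
    if t.startswith("//"):
        return False
    parts = urlsplit(t)
    if parts.scheme == "" and parts.netloc == "":
        # Relative path such as '/workflows?id=1'. Requiring a leading '/'
        # also excludes bare 'evil.example' and 'javascript:' style values.
        return t.startswith("/")
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname strips userinfo and port and lower-cases the host, so
    # 'https://hub.example.internal@evil.example' yields 'evil.example'.
    return (parts.hostname or "") in TRUSTED_HOSTS


def safe_redirect_target(target: str) -> str:
    """The value a handler should place in the Location header: the
    normalised target if it is safe, otherwise the site's own fallback."""
    return normalize(target) if is_safe_redirect_target(target) else FALLBACK
```

Run the check on the already-decoded value the application would put in the header; a value that passes is safe to emit, anything else should fall back to a fixed in-site page rather than being "cleaned up".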


Technical Details

Data Version: 5.1
Assigner Short Name: KNIME
Date Reserved: 2025-10-02T12:23:48.996Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68de74eced052d5593f9e4bf

Added to database: 10/2/2025, 12:49:48 PM

Last enriched: 10/2/2025, 12:50:03 PM

Last updated: 10/2/2025, 2:07:04 PM
