Open Redirect Vulnerability in n8n Workflow Automation Platform
CVE-2025-49592

4.6 MEDIUM

Key Information:

Vendor: N8n-io

Status
Vendor
CVE Published: 26 June 2025

What is CVE-2025-49592?

n8n, a popular workflow automation platform, has an Open Redirect vulnerability in its login flow in versions prior to 1.98.0. The issue allows authenticated users to be redirected to untrusted and potentially harmful domains through crafted malicious URLs with misleading query parameters. This can lead to phishing attacks in which malicious actors imitate the n8n user interface on counterfeit domains and trick users into entering sensitive information, including login credentials and 2FA tokens. Hosts of n8n that expose the /signin endpoint to users may be at risk. The vulnerability is addressed in version 1.98.0, which implements strict origin validation for redirect URLs. Users are urged to upgrade to this version or later.
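The fix described above is strict origin validation of the redirect URL. The following added example (not n8n's code) shows one way to perform such a check in Node.js; the origin https://n8n.example.test, the function name resolveRedirect and the fallback path are assumptions made for illustration.

```javascript
// Added illustration of strict origin validation for a post-login redirect.
// Not n8n's implementation; all names and hosts below are constructed.
const APP_ORIGIN = 'https://n8n.example.test'; // assumed deployment origin

function resolveRedirect(rawTarget, appOrigin = APP_ORIGIN, fallback = '/') {
  if (typeof rawTarget !== 'string' || rawTarget.length === 0) return fallback;

  // Control characters and backslashes are rewritten by URL parsers in ways
  // that can change the host, so refuse them before parsing.
  if (/[\u0000-\u001f\\]/.test(rawTarget)) return fallback;

  let url;
  try {
    // Relative targets resolve against our own origin; absolute ones keep theirs.
    url = new URL(rawTarget, appOrigin);
  } catch {
    return fallback;
  }

  // Strict comparison of scheme + host + port. Substring or prefix checks
  // would accept "n8n.example.test.evil.example" or userinfo tricks.
  if (url.origin !== appOrigin) return fallback;

  // A same-origin URL can still carry a path such as "//evil.example"; emitted
  // as a relative redirect, a browser would read that as another host.
  if (url.pathname.startsWith('//')) return fallback;

  // Return a path-only value so the redirect cannot leave the origin.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs, for running the file directly.
const samples = [
  '/workflow/123?tab=x',
  'https://n8n.example.test/home',
  '//evil.example/login',
  'https://n8n.example.test@evil.example/',
  'https://n8n.example.test//evil.example',
];
for (const s of samples) console.log(JSON.stringify(s), '->', resolveRedirect(s));
```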

Affected Version(s)

n8n < 1.98.0

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
