Denial of Service Flaw in n8n Workflow Automation Platform
CVE-2025-49595

4.9MEDIUM

Key Information:

Vendor

N8n-io

Status
N8n
Vendor
CVE Published:
3 July 2025

What is CVE-2025-49595?

The n8n workflow automation platform has a vulnerability in the /rest/binary-data endpoint, affecting versions before 1.99.0. This flaw allows authenticated users to execute denial of service attacks by submitting malformed filesystem URIs (specifically filesystem:// or filesystem-v2://), leading to resource exhaustion and consequently causing the service to become unavailable. Users experiencing this issue may encounter HTTP/2 524 timeout errors, impacting both self-hosted and n8n.cloud instances. Mitigation has been provided in version 1.99.0, requiring users to update to ensure continued service reliability.

Affected Version(s)

n8n < 1.99.0

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-pr...
x_refsource_CONFIRM
https://github.com/n8n-io/n8n/pull/16229
x_refsource_MISC
https://github.com/n8n-io/n8n/commit/43c52a8b4f844e91b02e...
x_refsource_MISC

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-49595 : Denial of Service Flaw in n8n Workflow Automation Platform