Authorization Vulnerability in n8n Workflow Automation Platform
CVE-2025-52554

4.9MEDIUM

Key Information:

Vendor: N8n-io
Status: N8n
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-52554?

An authorization vulnerability was identified in the n8n workflow automation platform, affecting the /rest/executions/:id/stop endpoint. This flaw permits authenticated users to halt workflow executions that are neither owned by them nor shared with them, which could result in unintended disruptions to business operations. Users are advised to update to version 1.99.1, which includes a fix for this issue. Alternatively, access to the affected endpoint can be controlled through reverse proxy settings or an API gateway to mitigate potential risks.

Affected Version(s)

n8n < 1.99.1

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-gq...

x_refsource_CONFIRM

https://github.com/n8n-io/n8n/pull/16405

x_refsource_MISC

https://github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d...

x_refsource_MISC

CVSS V4

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Jun 18, 2025

N8n-io

What is CVE-2025-52554?

Affected Version(s)

References

CVSS V4

Timeline