Authorization Vulnerability in n8n Workflow Automation Platform
CVE-2025-52554

4.9MEDIUM

Key Information:

Vendor

N8n-io

Status
N8n
Vendor
CVE Published:
3 July 2025

What is CVE-2025-52554?

An authorization vulnerability was identified in the n8n workflow automation platform, affecting the /rest/executions/:id/stop endpoint. This flaw permits authenticated users to halt workflow executions that are neither owned by them nor shared with them, which could result in unintended disruptions to business operations. Users are advised to update to version 1.99.1, which includes a fix for this issue. Alternatively, access to the affected endpoint can be controlled through reverse proxy settings or an API gateway to mitigate potential risks.

Affected Version(s)

n8n < 1.99.1

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-gq...
x_refsource_CONFIRM
https://github.com/n8n-io/n8n/pull/16405
x_refsource_MISC
https://github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d...
x_refsource_MISC

CVSS V4

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-52554 : Authorization Vulnerability in n8n Workflow Automation Platform