CVE-2025-49595: CWE-400: Uncontrolled Resource Consumption in n8n-io n8n
n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of service vulnerability in the /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, affecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0.
AI Analysis
Technical Summary
CVE-2025-49595 is a medium-severity denial of service (DoS) vulnerability affecting the n8n workflow automation platform versions prior to 1.99.0. The vulnerability arises from uncontrolled resource consumption (CWE-400) in the /rest/binary-data endpoint when processing malformed or empty filesystem URIs such as filesystem:// or filesystem-v2://. Authenticated attackers can exploit this flaw by sending specially crafted GET requests containing these empty filesystem URIs to the vulnerable endpoint. This triggers excessive resource usage on the server, leading to service unavailability characterized by HTTP/2 524 timeout responses. The vulnerability specifically impacts n8n.cloud instances and any self-hosted deployments running affected versions. The root cause is insufficient validation or handling of empty filesystem URI inputs, which causes the backend to consume resources uncontrollably. This issue was addressed and patched in n8n version 1.99.0. The CVSS v3.1 base score is 4.9, reflecting a medium severity level due to the requirement for authenticated access and the impact being limited to availability without affecting confidentiality or integrity. No known exploits are currently reported in the wild, but the vulnerability presents a risk of service disruption for organizations relying on n8n for workflow automation.
Potential Impact
For European organizations utilizing n8n, particularly those leveraging n8n.cloud or self-hosted instances for critical automation workflows, this vulnerability poses a risk of denial of service. Disruption of workflow automation can impact business continuity, delay operational processes, and degrade service quality. Organizations in sectors such as finance, manufacturing, healthcare, and public administration that depend on automated integrations and data processing may experience operational downtime or degraded performance. Although the vulnerability requires authenticated access, insider threats or compromised credentials could enable exploitation. The impact is primarily on availability, with no direct compromise of data confidentiality or integrity. However, prolonged service outages could indirectly affect compliance with regulatory requirements for service availability and operational resilience under frameworks like GDPR and NIS Directive. Given the growing adoption of automation platforms in Europe, the risk of disruption from this vulnerability should be taken seriously.
Mitigation Recommendations
European organizations should promptly upgrade all n8n instances to version 1.99.0 or later to remediate this vulnerability. For environments where immediate upgrading is not feasible, implement strict access controls to limit authenticated user permissions and monitor for anomalous GET requests targeting the /rest/binary-data endpoint with suspicious filesystem URI patterns. Employ Web Application Firewalls (WAFs) or API gateways to detect and block malformed URI requests that could trigger resource exhaustion. Additionally, enforce robust authentication mechanisms including multi-factor authentication (MFA) to reduce the risk of credential compromise. Regularly audit and rotate credentials for n8n users. Implement resource usage monitoring and alerting on n8n servers to detect early signs of resource exhaustion or unusual request patterns. Finally, maintain an incident response plan that includes procedures for mitigating denial of service events affecting automation platforms.
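The two controls above, an input check that rejects an empty filesystem URI before any storage work happens and a log-side detector for GET requests to /rest/binary-data carrying such a URI, as an added example that is not n8n's code. It assumes the binary-data id travels in an `id` query parameter and uses constructed log lines in the form `<ip> <method> <path-with-query> <status>`; both are assumptions, not taken from the advisory.

```javascript
// Added example, not n8n's own code. The "id" query parameter name and the
// access-log layout below are assumptions for illustration.

const EMPTY_FS_URI = /^filesystem(?:-v2)?:\/\/$/;  // exactly "filesystem://" or "filesystem-v2://"
const VALID_FS_URI = /^filesystem(?:-v2)?:\/\/\S+$/; // scheme followed by a non-empty identifier

// Server-side check: refuse an empty or malformed filesystem URI up front so the
// backend never starts resolving a hollow identifier (the CWE-400 trigger).
function isAcceptableBinaryDataId(id) {
  if (typeof id !== 'string' || id.length === 0) return false;
  return VALID_FS_URI.test(id);
}

// Detection side: parse one constructed access-log line and decide whether it
// matches the CVE-2025-49595 pattern: GET /rest/binary-data with an empty
// filesystem URI as the binary-data id.
function matchesCve202549595(logLine) {
  const parts = logLine.trim().split(/\s+/);
  if (parts.length < 4) return false;
  const [, method, target] = parts;
  if (method !== 'GET') return false;
  let url;
  try {
    url = new URL(target, 'http://placeholder.invalid'); // base only so a relative path parses
  } catch {
    return false;
  }
  if (url.pathname !== '/rest/binary-data') return false;
  const id = url.searchParams.get('id') ?? ''; // searchParams percent-decodes the value
  return EMPTY_FS_URI.test(id);
}

// Run the detector over a batch of log lines and return the offending ones.
function findSuspiciousRequests(logLines) {
  return logLines.filter(matchesCve202549595);
}

const SAMPLE_LOG = [ // constructed sample lines, not real traffic
  '203.0.113.5 GET /rest/binary-data?id=filesystem-v2%3A%2F%2F&action=view 524',
  '203.0.113.5 GET /rest/binary-data?id=filesystem%3A%2F%2F 524',
  '198.51.100.7 GET /rest/binary-data?id=filesystem%3A%2F%2Fworkflows%2F1%2Fexec%2F2%2Fbinary_data%2Fabc 200',
  '198.51.100.7 GET /rest/workflows 200',
];

console.log(findSuspiciousRequests(SAMPLE_LOG)); // the two empty-URI requests
```

The detector is deliberately narrow; in practice, alert on a burst of such hits from one session rather than on a single line.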
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-06T15:44:21.557Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68667a046f40f0eb7296713d
Added to database: 7/3/2025, 12:39:32 PM
Last enriched: 7/3/2025, 12:55:07 PM
Last updated: 7/3/2025, 3:29:47 PM
Related Threats
- CVE-2025-6071: CWE-321 Use of Hard-coded Cryptographic Key in ABB RMC-100 (Medium)
- CVE-2025-49846: CWE-117: Improper Output Neutralization for Logs in wireapp wire-ios (Medium)
- CVE-2025-6074: CWE-321 Use of Hard-coded Cryptographic Key in ABB RMC-100 (Medium)
- CVE-2025-6073: CWE-121 Stack-based Buffer Overflow in ABB RMC-100 (High)
- CVE-2025-6072: CWE-121 Stack-based Buffer Overflow in ABB RMC-100 (High)