CVE-2025-52554: CWE-862: Missing Authorization in n8n-io n8n
n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.
AI Analysis
Technical Summary
CVE-2025-52554 is an authorization vulnerability identified in the n8n workflow automation platform prior to version 1.99.1. The vulnerability resides in the /rest/executions/:id/stop REST API endpoint, which is responsible for stopping workflow executions. Due to missing authorization checks (CWE-862), an authenticated user with low privileges can stop workflow executions that they do not own and that have not been explicitly shared with them. This flaw allows unauthorized interference with workflow operations, potentially causing business disruption by halting critical automated processes. The vulnerability requires authentication but no user interaction beyond that, and it can be exploited remotely over the network. The issue was patched in version 1.99.1 of n8n. Until patching, a recommended workaround is to restrict access to the vulnerable endpoint using a reverse proxy or API gateway to enforce proper access controls. The CVSS v4.0 base score is 4.9 (medium severity), reflecting the limited scope of impact (only workflow execution stoppage), the requirement for authenticated access, and the lack of direct confidentiality or integrity compromise. No known exploits are currently reported in the wild.
Potential Impact
For European organizations using n8n versions prior to 1.99.1, this vulnerability could lead to unauthorized disruption of automated workflows. Since n8n is often used to orchestrate business-critical processes such as data integration, notifications, and task automation, unauthorized stopping of executions could cause operational delays, missed deadlines, or failure of dependent systems. While the vulnerability does not directly expose sensitive data or allow code execution, the interruption of workflows can degrade service availability and business continuity. Organizations in sectors relying heavily on automation—such as finance, manufacturing, logistics, and public services—may experience operational impacts. Additionally, attackers with low privilege could exploit this flaw to cause denial-of-service-like effects on automation pipelines, potentially impacting customer-facing services or internal processes. The impact is primarily on availability and operational integrity rather than confidentiality.
Mitigation Recommendations
The primary mitigation is to upgrade n8n to version 1.99.1 or later, where the authorization checks for the /rest/executions/:id/stop endpoint have been properly implemented. Until an upgrade is feasible, organizations should implement access controls at the network level by restricting access to the vulnerable endpoint using a reverse proxy or API gateway. This can include IP whitelisting, authentication enforcement, or endpoint filtering to ensure only authorized users or systems can invoke the stop execution API. Additionally, organizations should audit user privileges within n8n to ensure that only trusted users have authenticated access, minimizing the risk of exploitation by low-privilege users. Monitoring and alerting on unusual workflow stoppage events can help detect potential exploitation attempts. Finally, reviewing and hardening the overall API security posture of n8n deployments is recommended to prevent similar authorization issues.
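The following is an added illustration, not code from n8n or from this advisory, of the class of defect described in the Technical Summary and of the fix and monitoring described under Mitigation Recommendations: a stop-execution handler that checks authentication but not object-level authorization, next to a version that checks ownership and sharing before changing state, plus a small audit-trail scan for stop attempts by users with no right to the target workflow. All identifiers (USERS, WORKFLOWS, makeExecutions, stopExecutionVulnerable, canStopExecution, stopExecutionFixed, findUnauthorizedStopAttempts), the role names, and the sample data are hypothetical and constructed for this example; n8n's real data model and permission rules are not reproduced here.

```javascript
// Added example, not n8n's own code: a minimal model of the missing-authorization
// flaw behind CVE-2025-52554 (CWE-862) and the ownership/sharing check that closes it.
// Every identifier here (USERS, WORKFLOWS, makeExecutions, stopExecutionVulnerable,
// canStopExecution, stopExecutionFixed, findUnauthorizedStopAttempts) is hypothetical.

// Constructed sample principals: three ordinary members and one instance admin.
const USERS = new Map([
  ["u-alice", { id: "u-alice", role: "member" }],
  ["u-bob",   { id: "u-bob",   role: "member" }],
  ["u-carol", { id: "u-carol", role: "member" }],
  ["u-admin", { id: "u-admin", role: "admin" }],
]);

// Constructed workflows: each has an owner and the users it was explicitly shared with.
const WORKFLOWS = new Map([
  ["wf-1", { ownerId: "u-alice", sharedWith: [] }],
  ["wf-2", { ownerId: "u-bob",   sharedWith: ["u-carol"] }],
]);

// Fresh execution table per scenario so the vulnerable and fixed handlers can be compared.
function makeExecutions() {
  return new Map([
    ["exec-100", { workflowId: "wf-1", status: "running" }],
    ["exec-200", { workflowId: "wf-2", status: "running" }],
  ]);
}

// Vulnerable pattern: the handler verifies that the caller is authenticated and that the
// execution exists, but never that the caller is allowed to act on this execution.
function stopExecutionVulnerable(executions, user, executionId) {
  if (!user) return { status: 401 };
  const exec = executions.get(executionId);
  if (!exec) return { status: 404 };
  exec.status = "stopped";
  return { status: 200, executionId };
}

// Authorization decision as a pure function: admins may stop anything, other users only
// executions of workflows they own or that were shared with them.
function canStopExecution(user, workflow) {
  if (user.role === "admin") return true;
  if (workflow.ownerId === user.id) return true;
  return workflow.sharedWith.includes(user.id);
}

// Fixed pattern: the object-level authorization check runs before any state change.
function stopExecutionFixed(executions, user, executionId) {
  if (!user) return { status: 401 };
  const exec = executions.get(executionId);
  if (!exec) return { status: 404 };
  const workflow = WORKFLOWS.get(exec.workflowId);
  if (!workflow || !canStopExecution(user, workflow)) return { status: 403 };
  exec.status = "stopped";
  return { status: 200, executionId };
}

// Detection aid for the monitoring advice: given an audit trail of stop requests
// ({ userId, executionId, status }), return the entries whose requester held no ownership
// or share on the target workflow. On a patched instance these appear as 403s; on an
// unpatched one they are the 200s that should never have happened.
function findUnauthorizedStopAttempts(auditLog, executions) {
  return auditLog.filter(({ userId, executionId }) => {
    const exec = executions.get(executionId);
    const workflow = exec && WORKFLOWS.get(exec.workflowId);
    const user = USERS.get(userId);
    return Boolean(workflow && user) && !canStopExecution(user, workflow);
  });
}

// Constructed audit trail from an unpatched instance: one legitimate stop by the owner,
// one stop by a user with no relationship to the workflow.
const CONSTRUCTED_AUDIT = [
  { userId: "u-alice", executionId: "exec-100", status: 200 },
  { userId: "u-bob",   executionId: "exec-100", status: 200 },
];

// Stand-alone demonstration.
const vulnerable = makeExecutions();
console.log("vulnerable, bob stops alice's execution:",
  stopExecutionVulnerable(vulnerable, USERS.get("u-bob"), "exec-100"));
const fixed = makeExecutions();
console.log("fixed, bob stops alice's execution:",
  stopExecutionFixed(fixed, USERS.get("u-bob"), "exec-100"));
console.log("fixed, carol stops execution shared with her:",
  stopExecutionFixed(fixed, USERS.get("u-carol"), "exec-200"));
console.log("flagged audit entries:",
  findUnauthorizedStopAttempts(CONSTRUCTED_AUDIT, makeExecutions()));
```

The point of keeping canStopExecution as a pure function is that the same rule can be unit-tested, reused by the other execution endpoints (retrieve, delete, retry), and applied offline to an audit trail, which is what turns the "monitor unusual stoppage events" advice into a concrete check. Whether a denied request should return 403 or a non-revealing 404 is a separate design choice that this advisory does not specify.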
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-18T03:55:52.034Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6866e7016f40f0eb729bb598
Added to database: 7/3/2025, 8:24:33 PM
Last enriched: 7/3/2025, 8:39:30 PM
Last updated: 7/3/2025, 9:52:19 PM