CVE-2025-52554 is an authorization vulnerability identified in the n8n workflow automation platform prior to version 1.99.1. The vulnerability resides in the /rest/executions/:id/stop REST API endpoint, which is responsible for stopping workflow executions. Due to missing authorization checks (CWE-862), an authenticated user with low privileges can stop workflow executions that they neither own nor have been explicitly shared with them. This flaw allows unauthorized interference with workflow operations, potentially causing business disruption by halting critical automated processes. The vulnerability requires authentication but no user interaction beyond that, and it can be exploited remotely over the network. The issue was patched in version 1.99.1 of n8n. Until patching, a recommended workaround is to restrict access to the vulnerable endpoint using a reverse proxy or API gateway to enforce proper access controls. The CVSS v4.0 base score is 4.9 (medium severity), reflecting the limited scope of impact (only workflow execution stoppage), the requirement for authenticated access, and the lack of direct confidentiality or integrity compromise. No known exploits are currently reported in the wild.

For European organizations using n8n versions prior to 1.99.1, this vulnerability could lead to unauthorized disruption of automated workflows. Since n8n is often used to orchestrate business-critical processes such as data integration, notifications, and task automation, unauthorized stopping of executions could cause operational delays, missed deadlines, or failure of dependent systems. While the vulnerability does not directly expose sensitive data or allow code execution, the interruption of workflows can degrade service availability and business continuity. Organizations in sectors relying heavily on automation—such as finance, manufacturing, logistics, and public services—may experience operational impacts. Additionally, attackers with low privilege could exploit this flaw to cause denial-of-service-like effects on automation pipelines, potentially impacting customer-facing services or internal processes. The impact is primarily on availability and operational integrity rather than confidentiality.

The primary mitigation is to upgrade n8n to version 1.99.1 or later, where the authorization checks for the /rest/executions/:id/stop endpoint have been properly implemented. Until an upgrade is feasible, organizations should implement access controls at the network level by restricting access to the vulnerable endpoint using a reverse proxy or API gateway. This can include IP whitelisting, authentication enforcement, or endpoint filtering to ensure only authorized users or systems can invoke the stop execution API. Additionally, organizations should audit user privileges within n8n to ensure that only trusted users have authenticated access, minimizing the risk of exploitation by low-privilege users. Monitoring and alerting on unusual workflow stoppage events can help detect potential exploitation attempts. Finally, reviewing and hardening the overall API security posture of n8n deployments is recommended to prevent similar authorization issues.