
CVE-2025-52554: CWE-862: Missing Authorization in n8n-io n8n

Severity: Medium
Tags: Vulnerability, CVE-2025-52554, CWE-862
Published: Thu Jul 03 2025 (07/03/2025, 20:08:54 UTC)
Source: CVE Database V5
Vendor/Project: n8n-io
Product: n8n

Description

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.

AI-Powered Analysis

Last updated: 07/03/2025, 20:39:30 UTC

Technical Analysis

CVE-2025-52554 is an authorization vulnerability identified in the n8n workflow automation platform prior to version 1.99.1. The vulnerability resides in the /rest/executions/:id/stop REST API endpoint, which is responsible for stopping workflow executions. Due to missing authorization checks (CWE-862), an authenticated user with low privileges can stop workflow executions that they neither own nor have had explicitly shared with them. This flaw allows unauthorized interference with workflow operations, potentially causing business disruption by halting critical automated processes. The vulnerability requires authentication but no user interaction beyond that, and it can be exploited remotely over the network. The issue was patched in version 1.99.1 of n8n. Until patching, a recommended workaround is to restrict access to the vulnerable endpoint using a reverse proxy or API gateway to enforce proper access controls. The CVSS v4.0 base score is 4.9 (medium severity), reflecting the limited scope of impact (only workflow execution stoppage), the requirement for authenticated access, and the lack of direct confidentiality or integrity compromise. No known exploits are currently reported in the wild.

Potential Impact

For European organizations using n8n versions prior to 1.99.1, this vulnerability could lead to unauthorized disruption of automated workflows. Since n8n is often used to orchestrate business-critical processes such as data integration, notifications, and task automation, unauthorized stopping of executions could cause operational delays, missed deadlines, or failure of dependent systems. While the vulnerability does not directly expose sensitive data or allow code execution, the interruption of workflows can degrade service availability and business continuity. Organizations in sectors relying heavily on automation—such as finance, manufacturing, logistics, and public services—may experience operational impacts. Additionally, attackers with low privilege could exploit this flaw to cause denial-of-service-like effects on automation pipelines, potentially impacting customer-facing services or internal processes. The impact is primarily on availability and operational integrity rather than confidentiality.

Mitigation Recommendations

The primary mitigation is to upgrade n8n to version 1.99.1 or later, where the authorization checks for the /rest/executions/:id/stop endpoint have been properly implemented. Until an upgrade is feasible, organizations should implement access controls at the network level by restricting access to the vulnerable endpoint using a reverse proxy or API gateway. This can include IP whitelisting, authentication enforcement, or endpoint filtering to ensure only authorized users or systems can invoke the stop execution API. Additionally, organizations should audit user privileges within n8n to ensure that only trusted users have authenticated access, minimizing the risk of exploitation by low-privilege users. Monitoring and alerting on unusual workflow stoppage events can help detect potential exploitation attempts. Finally, reviewing and hardening the overall API security posture of n8n deployments is recommended to prevent similar authorization issues.
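To make the CWE-862 pattern described in the technical analysis and the fix implied by the mitigation concrete, here is an added example (not n8n's code, and not the actual patch): a minimal model of a stop-execution handler without any ownership check next to one that requires the caller to own the execution's workflow or have it shared with them. The store layout, type names and sample users are hypothetical.

```typescript
// Added example, not n8n's code: a minimal model of an "executions/:id/stop"
// handler showing the missing-authorization pattern (CWE-862) next to the
// check that closes it. Types, names and sample data are all hypothetical.

interface Workflow { id: string; ownerId: string; sharedWith: string[] }
interface Execution { id: string; workflowId: string; status: "running" | "stopped" }
interface Store { workflows: Workflow[]; executions: Execution[] }

type StopResult = "stopped" | "not_found";

// Constructed in-memory data standing in for the database.
function makeSampleStore(): Store {
  return {
    workflows: [
      { id: "wf-1", ownerId: "alice", sharedWith: ["bob"] },
      { id: "wf-2", ownerId: "carol", sharedWith: [] },
    ],
    executions: [
      { id: "ex-100", workflowId: "wf-1", status: "running" },
      { id: "ex-200", workflowId: "wf-2", status: "running" },
    ],
  };
}

// Vulnerable pattern: the caller is authenticated (checked upstream), but the
// handler never asks whether this particular user may act on this execution.
function stopExecutionVulnerable(store: Store, _userId: string, executionId: string): StopResult {
  const exec = store.executions.find(e => e.id === executionId);
  if (!exec) return "not_found";
  exec.status = "stopped"; // reached by any authenticated user
  return "stopped";
}

// Authorization rule: owner of the workflow, or someone it was shared with.
function canAccessWorkflow(userId: string, wf: Workflow): boolean {
  return wf.ownerId === userId || wf.sharedWith.includes(userId);
}

// Hardened pattern: resolve the execution's workflow and enforce the rule
// before mutating state. Inaccessible and missing executions both answer
// "not_found" so the endpoint does not confirm which execution ids exist.
function stopExecutionSecure(store: Store, userId: string, executionId: string): StopResult {
  const exec = store.executions.find(e => e.id === executionId);
  if (!exec) return "not_found";
  const wf = store.workflows.find(w => w.id === exec.workflowId);
  if (!wf || !canAccessWorkflow(userId, wf)) return "not_found";
  exec.status = "stopped";
  return "stopped";
}
```

The same ownership-or-shared rule is what a reverse proxy cannot evaluate, which is why the proxy workaround can only restrict who reaches the endpoint, not which executions they may stop.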


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-06-18T03:55:52.034Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6866e7016f40f0eb729bb598

Added to database: 7/3/2025, 8:24:33 PM

Last enriched: 7/3/2025, 8:39:30 PM

Last updated: 7/3/2025, 9:52:19 PM
