CVE-2025-52554
Last modified
CVE-2025-52554 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| N8n | N8n | < 1.99.1 |
References
- https://github.com/n8n-io/n8n/pull/16405Issue Tracking, Patch
- https://github.com/n8n-io/n8n/security/advisories/GHSA-gq57-v332-7666Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-52554?
How severe is CVE-2025-52554?
How do I fix CVE-2025-52554?
Are you affected by CVE-2025-52554?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST