CVE-2025-52554 — MEDIUM (CVSS 4.3) AI Security Vulnerability

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
n8n	npm	—	No patch

Do you use n8n? You're affected.

Severity & Risk

CVSS 3.1

4.3 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.

Weaknesses (CWE)

CWE-862

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d661ade2f45d587d9469bc287e1
Patch
github.com/n8n-io/n8n/commit/e5edc60e344924230baafb11fa1f0af788e9ca9a
Patch
github.com/n8n-io/n8n/pull/16405
Issue Patch
github.com/n8n-io/n8n/security/advisories/GHSA-gq57-v332-7666
Issue Patch 3rd Party

Timeline

Published

July 3, 2025

Last Modified

September 4, 2025

First Seen

July 3, 2025