Vulnerability DatabaseCVE-2025-52554
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-52554
July 03, 2025
n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.
Affected Packages
n8n (NPM):
Affected version(s) >=0.0.1 <1.99.1
Fix Suggestion:
Update to version 1.99.1
Related ResourcesĀ (6)
https://github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d661ade2f45d587d9469bc287e1
https://nvd.nist.gov/vuln/detail/CVE-2025-52554
https://github.com/n8n-io/n8n/pull/16405
https://github.com/n8n-io/n8n
https://github.com/n8n-io/n8n/commit/e5edc60e344924230baafb11fa1f0af788e9ca9a
https://github.com/n8n-io/n8n/security/advisories/GHSA-gq57-v332-7666
Do you need more information?
Contact Us
CVSS v4
Base Score:
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
HIGH
CVSS v3
Base Score:
5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
Missing Authorization
CWE-862
EPSS
Base Score:
0.07