CVE-2025-49592

n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com), credential or 2FA theft if users are tricked into re-entering sensitive information, and/or reputation risk due to the visual similarity between attacker-controlled domains and trusted ones. The vulnerability affects anyone hosting n8n and exposing the `/signin` endpoint to users. The issue has been patched in version 1.98.0. All users should upgrade to this version or later. The fix introduces strict origin validation for redirect URLs, ensuring only same-origin or relative paths are allowed after login.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/n8n-io/n8n/commit/4865d1e360a0fe7b045e295b5e1a29daad12314e
https://github.com/n8n-io/n8n/pull/16034
https://github.com/n8n-io/n8n/releases/tag/n8n%401.98.0
https://github.com/n8n-io/n8n/security/advisories/GHSA-5vj6-wjr7-5v9f

Configurations

No configuration.

History

30 Jun 2025, 18:39

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-26 20:15

Updated : 2025-06-30 18:39

NVD link : CVE-2025-49592

Mitre link : CVE-2025-49592

CVE.ORG link : CVE-2025-49592

JSON object : View

Products Affected

No product.

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2025-49592", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}]}, "published": "2025-06-26T20:15:29.323", "references": [{"url": "https://github.com/n8n-io/n8n/commit/4865d1e360a0fe7b045e295b5e1a29daad12314e", "source": "security-advisories@github.com"}, {"url": "https://github.com/n8n-io/n8n/pull/16034", "source": "security-advisories@github.com"}, {"url": "https://github.com/n8n-io/n8n/releases/tag/n8n%401.98.0", "source": "security-advisories@github.com"}, {"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-5vj6-wjr7-5v9f", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com), credential or 2FA theft if users are tricked into re-entering sensitive information, and/or reputation risk due to the visual similarity between attacker-controlled domains and trusted ones. The vulnerability affects anyone hosting n8n and exposing the `/signin` endpoint to users. The issue has been patched in version 1.98.0. All users should upgrade to this version or later. The fix introduces strict origin validation for redirect URLs, ensuring only same-origin or relative paths are allowed after login."}, {"lang": "es", "value": "n8n es una plataforma de automatizaci\u00f3n de flujos de trabajo. Las versiones anteriores a la 1.98.0 presentan una vulnerabilidad de redirecci\u00f3n abierta en el flujo de inicio de sesi\u00f3n. Tras iniciar sesi\u00f3n, los usuarios autenticados pueden ser redirigidos a dominios no confiables, controlados por atacantes, mediante la manipulaci\u00f3n de URL maliciosas con un par\u00e1metro de consulta de redirecci\u00f3n enga\u00f1oso. Esto puede provocar ataques de phishing al suplantar la interfaz de usuario de n8n en dominios similares (p. ej., n8n.local.evil.com), robo de credenciales o de 2FA si se enga\u00f1a a los usuarios para que vuelvan a introducir informaci\u00f3n confidencial, o riesgo para la reputaci\u00f3n debido a la similitud visual entre los dominios controlados por atacantes y los de confianza. La vulnerabilidad afecta a cualquiera que aloje n8n y exponga el endpoint `/signin` a los usuarios. El problema se ha corregido en la versi\u00f3n 1.98.0. Todos los usuarios deben actualizar a esta versi\u00f3n o una posterior. La correcci\u00f3n introduce una validaci\u00f3n de origen estricta para las URL de redirecci\u00f3n, lo que garantiza que solo se permitan rutas del mismo origen o relativas tras el inicio de sesi\u00f3n."}], "lastModified": "2025-06-30T18:39:09.973", "sourceIdentifier": "security-advisories@github.com"}