n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.
References
| Link | Resource |
|---|---|
| https://github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d661ade2f45d587d9469bc287e1 | Patch |
| https://github.com/n8n-io/n8n/commit/e5edc60e344924230baafb11fa1f0af788e9ca9a | Patch |
| https://github.com/n8n-io/n8n/pull/16405 | Patch Issue Tracking |
| https://github.com/n8n-io/n8n/security/advisories/GHSA-gq57-v332-7666 | Patch Third Party Advisory Issue Tracking |
Configurations
History
04 Sep 2025, 16:53
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/dudanogueira/n8n/commit/ca2f90c7fbaa1d661ade2f45d587d9469bc287e1 - Patch | |
| References | () https://github.com/n8n-io/n8n/commit/e5edc60e344924230baafb11fa1f0af788e9ca9a - Patch | |
| References | () https://github.com/n8n-io/n8n/pull/16405 - Patch, Issue Tracking | |
| References | () https://github.com/n8n-io/n8n/security/advisories/GHSA-gq57-v332-7666 - Patch, Third Party Advisory, Issue Tracking | |
| First Time |
N8n
N8n n8n |
|
| CPE | cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
08 Jul 2025, 16:19
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-07-03 20:15
Updated : 2025-09-04 16:53
NVD link : CVE-2025-52554
Mitre link : CVE-2025-52554
CVE.ORG link : CVE-2025-52554
JSON object : View
Products Affected
n8n
- n8n
CWE
CWE-862
Missing Authorization