CVE-2025-49595
BaseFortify

Publication date: 2025-07-03

Last updated on: 2025-09-04

Assigner: GitHub, Inc.

Description
n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial-of-service vulnerability in the /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, affecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0.
Meta Information
Published: 2025-07-03
Last Modified: 2025-09-04
Generated: 2026-05-07
AI Q&A: 2025-07-03
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: n8n | Product: n8n | Version / Range: up to 1.99.0 (excluding)
CWE
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a denial of service issue in the n8n workflow automation platform prior to version 1.99.0. It occurs in the /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). Authenticated attackers can send malformed GET requests with these empty filesystem URIs, causing resource exhaustion and making the service unavailable. This leads to HTTP/2 524 timeout responses and affects both the endpoint and n8n.cloud instances. The vulnerability has been fixed in version 1.99.0.


How can this vulnerability impact me?

If exploited, this vulnerability can cause denial of service by making the /rest/binary-data endpoint and n8n.cloud instances unavailable. This results in service disruption and resource exhaustion, potentially impacting workflow automation processes that rely on n8n, leading to downtime and loss of productivity.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by monitoring for GET requests to the /rest/binary-data endpoint containing empty filesystem URIs such as 'filesystem://' or 'filesystem-v2://'. For example, using a network monitoring tool or web server logs, you can search for requests matching this pattern. A command example using grep on server logs could be: grep -E 'GET /rest/binary-data.*(filesystem://|filesystem-v2://)' /path/to/access.log. Additionally, observing HTTP/2 524 timeout responses from the /rest/binary-data endpoint may indicate exploitation attempts.
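As an added, constructed example (not part of the BaseFortify page and not n8n's own code), the following Python script applies the detection logic described above to web-server access-log lines. It parses combined-format entries, flags GET requests to /rest/binary-data whose query string carries an exactly empty filesystem:// or filesystem-v2:// URI (URL-encoded or not), counts those requests per client address, and separately tallies 524 responses on that endpoint. The sample log lines, the client addresses and the query parameter name id are constructed assumptions; the checker inspects every query value, so it does not depend on the parameter name n8n actually uses. Unlike the grep pattern above, it does not flag legitimate requests whose filesystem URI has a non-empty path.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines in combined log format (not real traffic).
# The "id" query parameter name and the client addresses are assumptions.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jul/2025:10:00:01 +0000] "GET /rest/binary-data?id=filesystem://&action=view HTTP/2.0" 524 0 "-" "curl/8.0"
203.0.113.7 - - [03/Jul/2025:10:00:02 +0000] "GET /rest/binary-data?id=filesystem-v2%3A%2F%2F HTTP/2.0" 524 0 "-" "curl/8.0"
198.51.100.4 - - [03/Jul/2025:10:00:03 +0000] "GET /rest/binary-data?id=filesystem://workflows/abc/file.png&action=view HTTP/2.0" 200 4321 "-" "Mozilla/5.0"
198.51.100.4 - - [03/Jul/2025:10:00:04 +0000] "GET /rest/workflows HTTP/2.0" 200 120 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jul/2025:10:00:05 +0000] "POST /rest/binary-data?id=filesystem:// HTTP/2.0" 405 0 "-" "curl/8.0"
"""

# Fields of a combined-format line up to the status code; the rest is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3}) '
)

# An "empty" filesystem URI is the scheme alone, with nothing after "://".
EMPTY_FS_URI = re.compile(r'^filesystem(-v2)?://$')

BINARY_DATA_PATH = '/rest/binary-data'


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    return rec


def has_empty_filesystem_uri(target):
    """True if the request target is /rest/binary-data and any query value,
    after URL-decoding, is exactly filesystem:// or filesystem-v2://."""
    parts = urlsplit(target)
    if parts.path != BINARY_DATA_PATH:
        return False
    # parse_qsl URL-decodes values, so filesystem-v2%3A%2F%2F becomes filesystem-v2://
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        if EMPTY_FS_URI.match(value):
            return True
    return False


def scan(log_text):
    """Scan log text; return (suspect records, per-client Counter, count of 524s on the endpoint).

    Only GET requests are flagged as suspects, matching the advisory's description.
    A 524 (gateway timeout, as reported for n8n.cloud) on the endpoint is tallied
    separately as an indicator of the service becoming unavailable."""
    suspects = []
    per_client = Counter()
    timeouts = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec['method'] == 'GET' and has_empty_filesystem_uri(rec['target']):
            suspects.append(rec)
            per_client[rec['ip']] += 1
        if urlsplit(rec['target']).path == BINARY_DATA_PATH and rec['status'] == 524:
            timeouts += 1
    return suspects, per_client, timeouts


if __name__ == '__main__':
    suspects, per_client, timeouts = scan(SAMPLE_LOG)
    for rec in suspects:
        print(f"[{rec['ts']}] {rec['ip']} {rec['method']} {rec['target']} -> {rec['status']}")
    print('suspect requests per client:', dict(per_client))
    print('524 responses on /rest/binary-data:', timeouts)
```

Run against a real log with `scan(open('/path/to/access.log').read())`; a client accumulating many flagged requests in a short window is the pattern worth alerting on, since a single empty-URI request can be a client bug rather than an attack.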


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade n8n to version 1.99.0 or later, where this denial of service vulnerability has been patched. Until the upgrade can be performed, you may consider restricting or monitoring authenticated access to the /rest/binary-data endpoint to prevent exploitation by malformed filesystem URI requests.

