CVE-2025-52554
BaseFortify
Publication date: 2025-07-03
Last updated on: 2025-09-04
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | to 1.99.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52554 is an authorization vulnerability in the n8n workflow automation platform affecting the /rest/executions/:id/stop API endpoint. Before version 1.99.1, authenticated users could stop workflow executions that they did not own or that were not shared with them because the endpoint lacked proper user-scoped authorization checks. This allowed users to terminate workflows belonging to others, potentially disrupting business processes. The issue was fixed by enforcing ownership checks so that only the owner or authorized users can stop a workflow execution. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to significant business disruption in multi-user environments. An attacker or unauthorized user could stop workflow executions they do not own, causing denial of service for critical or long-running workflows. This can interrupt automated business processes, potentially leading to operational delays or failures. The impact is especially relevant where workflows are time-sensitive or involve important automation tasks. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and testing access to the /rest/executions/:id/stop API endpoint to see if authenticated users can stop workflow executions they do not own or that have not been shared with them. Since execution IDs are sequential and partially exposed through verbose error messages, an attacker might enumerate these IDs to attempt unauthorized stops. Detection could involve attempting to stop executions with different IDs using authenticated user credentials and verifying if unauthorized stops are possible. Specific commands are not provided in the resources, but testing API calls to the /rest/executions/:id/stop endpoint with various execution IDs and user credentials could reveal the vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading n8n to version 1.99.1 or later, where the vulnerability has been patched by enforcing proper authorization checks on the /rest/executions/:id/stop endpoint. If upgrading is not immediately possible, a recommended workaround is to restrict access to the /rest/executions/:id/stop endpoint via a reverse proxy or API gateway to prevent unauthorized users from accessing this endpoint. [2]