CVE-2025-52554
Published 2025-07-03
CVE-2025-52554: n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n…
Priority: P4 · 22 · medium · 4.3 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.27% (18.3th percentile)
n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.
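The missing check described above, next to a lookup scoped to the caller, as an added example. This is not n8n's source code: the store, the function names, the users and the execution ids are all hypothetical and constructed for illustration.

```javascript
// Added illustration, not n8n code. Every name and id below is hypothetical.
class ExecutionStore {
  constructor() {
    this.executions = new Map(); // executionId -> { workflowId, status }
    this.access = new Map();     // workflowId  -> Set of userIds (owner + shares)
  }
  addWorkflow(workflowId, ownerId, sharedWith = []) {
    this.access.set(workflowId, new Set([ownerId, ...sharedWith]));
  }
  addExecution(id, workflowId) {
    this.executions.set(id, { workflowId, status: 'running' });
  }
  canAccess(userId, workflowId) {
    const users = this.access.get(workflowId);
    return users !== undefined && users.has(userId);
  }
}

// Pattern behind the advisory (CWE-862): the caller is authenticated, but the
// execution is resolved by id alone and userId is never consulted.
function stopUnscoped(store, userId, executionId) {
  const exec = store.executions.get(executionId);
  if (!exec) return { status: 404 };
  exec.status = 'canceled';
  return { status: 200 };
}

// Scoped form: the execution resolves only if the caller owns its workflow or
// has it shared. Unknown and foreign ids get the same 404, so the response
// does not confirm which sequential ids exist.
function stopScoped(store, userId, executionId) {
  const exec = store.executions.get(executionId);
  if (!exec || !store.canAccess(userId, exec.workflowId)) return { status: 404 };
  exec.status = 'canceled';
  return { status: 200 };
}

function demo() {
  const store = new ExecutionStore();
  store.addWorkflow('wf-alice', 'alice', ['carol']); // carol has a share, bob has none
  store.addExecution(101, 'wf-alice');
  store.addExecution(102, 'wf-alice');
  const unscopedForeign = stopUnscoped(store, 'bob', 101).status; // stops alice's run
  const scopedForeign = stopScoped(store, 'bob', 102).status;
  const afterForeign = store.executions.get(102).status;
  const scopedUnknown = stopScoped(store, 'bob', 999).status;
  const scopedShared = stopScoped(store, 'carol', 102).status;
  return { unscopedForeign, scopedForeign, afterForeign, scopedUnknown, scopedShared };
}
console.log(demo());
```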
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n8n-io | n8n | < 1.99.1 | 1.99.1 |
| n8n | n8n | < 1.99.1 | 1.99.1 |
| n8n | n8n | >= 0 < 1.99.1 | 1.99.1 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | v4.0 | 4.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
n8n is vulnerable to Improper Authorization through its `/stop` endpoint
ghsa·2025-07-03
CVE-2025-52554 [MEDIUM] CWE-862 n8n is vulnerable to Improper Authorization through its `/stop` endpoint
## Summary
An authorization vulnerability was discovered in the `/rest/executions/:id/stop` endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption.
### Impact
This is an **improper authorization** vulnerability. While most API methods enforce user-scoped access to workflow execution IDs, the `/stop` endpoint fails to do so. An attacker can guess or enumerate execution IDs (which are sequential and partially exposed via verbose error messages) and terminate active workflows initiated by other users.
**Who is impacted:**
- Environments where multiple users with varying trust levels share access to the
OSV
n8n is vulnerable to Improper Authorization through its `/stop` endpoint
osv·2025-07-03
CVE-2025-52554 [MEDIUM] n8n is vulnerable to Improper Authorization through its `/stop` endpoint
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-03
Published