CVE-2025-49592: 
JavaScript vulnerability analysis and mitigation

CVE-2025-49592 affects n8n, a workflow automation platform, in versions prior to 1.98.0. The vulnerability was discovered and disclosed in June 2025, involving an Open Redirect vulnerability in the login flow. The issue allows authenticated users to be redirected to untrusted, attacker-controlled domains after logging in by crafting malicious URLs with a misleading redirect query parameter (GitHub Advisory, NVD).

The vulnerability exists in the login flow's redirect functionality where insufficient validation of redirect URLs allows attackers to craft malicious URLs that can redirect users to untrusted domains. The issue received a CVSS v3.1 score of 4.6 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N and is classified as CWE-601 (URL Redirection to Untrusted Site). The vulnerability affects any installation of n8n that exposes the /signin endpoint to users (GitHub Advisory, Wiz).

The vulnerability can lead to phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com), potential credential or 2FA theft if users are tricked into re-entering sensitive information, and reputation risk due to the visual similarity between attacker-controlled domains and trusted ones (GitHub Advisory).

The vulnerability has been patched in version 1.98.0. The fix introduces strict origin validation for redirect URLs, ensuring only same-origin or relative paths are allowed after login. All users should upgrade to version 1.98.0 or later to mitigate this vulnerability (GitHub Release, GitHub Advisory).

The fix was merged into the main branch after thorough review and testing, with positive feedback from the development team regarding the comprehensive test coverage implemented for the security fix (GitHub PR).