
Cloud Vulnerability DB
A community-led vulnerabilities database
n8n, a workflow automation platform, was found to contain an authorization vulnerability (CVE-2025-52554) in the /rest/executions/:id/stop endpoint prior to version 1.99.1. The vulnerability was disclosed on July 3, 2025, and allows authenticated users to stop workflow executions that they do not own or that have not been shared with them (GitHub Advisory).
The vulnerability stems from an improper authorization implementation in the workflow execution stop endpoint. While most API methods enforce user-scoped access to workflow execution IDs, the /stop endpoint failed to implement these checks. The vulnerability received a CVSS v3.1 base score of 4.3 (Moderate) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The issue is classified as CWE-862 (Missing Authorization) (GitHub Advisory).
The vulnerability primarily affects environments where multiple users with varying trust levels share access to the same n8n instance, particularly those running long-running or time-sensitive workflows. Attackers can exploit this flaw to disrupt other users' workflow executions and cause denial of service for business-critical automations. Execution IDs are sequential and partially exposed via verbose error messages, so attackers can guess or enumerate them (GitHub Advisory).
The vulnerability has been patched in n8n version 1.99.1. Users are strongly advised to upgrade to this version or later to ensure proper authorization checks are enforced before stopping workflow executions. For those unable to upgrade immediately, a workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway (GitHub Advisory).
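The missing-authorization pattern (CWE-862) and a user-scoped check can be compared side by side in the added example below. It is an illustration written for this page, not n8n source code; every type, function name and data value in it is hypothetical and constructed.

```typescript
// Added illustration; not n8n source code. All names and data are constructed.
type Execution = { id: number; workflowId: string; status: "running" | "stopped" };
type StopResult = { status: number; body: string };

// Constructed sample state: users who own a workflow or have it shared with them.
const workflowAccess = new Map<string, Set<string>>([
  ["wf-billing", new Set(["alice"])],
  ["wf-reports", new Set(["bob", "alice"])], // owned by bob, shared with alice
]);

// Fresh store of running executions with sequential IDs.
function makeStore(): Map<number, Execution> {
  return new Map<number, Execution>([
    [101, { id: 101, workflowId: "wf-billing", status: "running" }],
    [102, { id: 102, workflowId: "wf-reports", status: "running" }],
  ]);
}

// CWE-862 pattern: the caller is authenticated, but the lookup is by ID only,
// and the error text confirms whether a given ID exists.
function stopUnscoped(store: Map<number, Execution>, _user: string, id: number): StopResult {
  const exec = store.get(id);
  if (!exec) return { status: 404, body: `Execution ${id} not found` };
  exec.status = "stopped";
  return { status: 200, body: "stopped" };
}

// Scoped version: the execution is only actionable if the caller can access
// its workflow. Unknown and inaccessible IDs return the same response, so the
// reply does not reveal which sequential IDs exist.
function stopScoped(store: Map<number, Execution>, user: string, id: number): StopResult {
  const exec = store.get(id);
  const allowed = exec !== undefined && (workflowAccess.get(exec.workflowId)?.has(user) ?? false);
  if (!exec || !allowed) return { status: 404, body: "Execution not found" };
  exec.status = "stopped";
  return { status: 200, body: "stopped" };
}
```

A regression test for this class of bug should call the stop route as a second, unrelated user and assert that the execution keeps running.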
Source: This report was generated using AI