216.73.217.64

CVE-2025-49595

· Published 03/07/2025 13:15 · Modified 03/07/2025 15:13

Labels: CVE-2025-49595 2025-07-03CVE-2025-49595CWE-400[email protected]

Essential information

Published
03/07/2025 13:15
Modified
03/07/2025 15:13
Author
Creator
CVSS
4.9 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, effecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
n8n / n8n cpe:2.3:a:n8n:n8n:*:*:*:*:*:*:*:*

References