CVE-2025-46343

MEDIUM EPSS 11.0%
Published Apr 29, 2025 · Modified Jun 17, 2026
5.4 CVSS 3.1
Medium

Description

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME type of uploaded files, and the MIME type could be controlled via a GET parameter. This allows the server to respond with any MIME type, potentially enabling malicious content to be interpreted and executed by the browser. An authenticated attacker with member-level permissions could exploit this by uploading a crafted HTML file containing malicious JavaScript. When another user visits the binary data endpoint with the MIME type set to text/html, the script executes in the context of the user’s session. This script could send a request to change the user’s email address in their account settings, effectively enabling account takeover. This issue has been patched in version 1.90.0.

CVSS Details

Base Score
5.4
Exploitability
2.3
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
11.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor   Product   Version   Range
n8n      n8n       *         <1.90.0

References 4

  • github.com https://github.com/n8n-io/n8n/pull/14350
    Issue Tracking, Patch
  • github.com https://github.com/n8n-io/n8n/pull/14685
    Issue Tracking, Patch
  • github.com https://github.com/n8n-io/n8n/releases/tag/n8n%401.90.0
    Release Notes
  • github.com https://github.com/n8n-io/n8n/security/advisories/GHSA-c8hm-hr8h-5xjw
    Patch, Vendor Advisory

Remediation

  • github.com https://github.com/n8n-io/n8n/pull/14350
    Issue Tracking, Patch
  • github.com https://github.com/n8n-io/n8n/pull/14685
    Issue Tracking, Patch
  • github.com https://github.com/n8n-io/n8n/security/advisories/GHSA-c8hm-hr8h-5xjw
    Patch, Vendor Advisory