CVE-2025-46343 – n8n

Package

Manager: npm
Name: n8n
Vulnerable Version: >=0 <1.90.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00041 pctl0.11601

Details

n8n Vulnerable to Stored XSS through Attachments View Endpoint ### Impact n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there was no restriction on the MIME type of uploaded files, and the MIME type could be controlled via a GET parameter. This allowed the server to respond with any MIME type, potentially enabling malicious content to be interpreted and executed by the browser. An authenticated attacker with member-level permissions could exploit this by uploading a crafted HTML file containing malicious JavaScript. When another user visits the binary data endpoint with the MIME type set to text/html, the script executes in the context of the user’s session. This script could, for example, send a request to change the user’s email address in their account settings, effectively enabling account takeover. ### Patches - [n8n@1.90.0](https://github.com/n8n-io/n8n/releases/tag/n8n%401.90.0) ### Credit We would like to thank @Mahmoud0x00 for reporting this issue.

Metadata

Created: 2025-04-28T21:02:23Z
Modified: 2025-04-29T13:15:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-c8hm-hr8h-5xjw/GHSA-c8hm-hr8h-5xjw.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-c8hm-hr8h-5xjw
Finding: F425
Auto approve: 1