CVE-2025-55526
Published: 26 August 2025
Summary
CVE-2025-55526 is a critical-severity Path Traversal (CWE-22) vulnerability in N8N Fastapi. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 22.5% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
n8n-workflows at main commit ee25413 contains a directory traversal vulnerability (CWE-22) in the download_workflow function of api_server.py. The flaw affects the n8n-workflows project and carries a CVSS 3.1 score of 9.1 reflecting network-accessible attack conditions with no required authentication or user interaction.
An unauthenticated remote attacker can supply crafted input to the download_workflow endpoint to traverse directories on the underlying filesystem, enabling unauthorized reading and modification of files with high confidentiality and integrity impact.
The sole public reference is a GitHub issue that documents the flaw but provides no mitigation guidance or patch details at the time of publication. The associated EPSS score remains flat at 0.0101 with no observed increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25785
Vulnerability details
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in a public-facing API server directly enables remote exploitation (T1190) and arbitrary local file reads (T1005).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of inputs to the download_workflow function in api_server.py to reject directory traversal sequences like '../', preventing unauthorized file access.
- Access enforcement: mandates enforcement of access controls that restrict the api_server.py function to only authorized workflow directories, blocking traversal to sensitive files outside the intended scope.
- SI-2 (Flaw Remediation): requires timely identification, reporting, and patching of the specific directory traversal flaw at commit ee25413 in n8n-workflows, eliminating the vulnerability root cause.
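A resolve-and-compare containment check of the kind the SI-10 control above describes, written as an added example rather than code from n8n-workflows; the function name, the directory layout and the error class are assumptions, and the inputs in `demo()` are constructed.

```python
"""Containment check for a workflow download endpoint (added example,
not the n8n-workflows code; names and layout are assumptions)."""
import os
import tempfile
from pathlib import Path


class UnsafePath(ValueError):
    """Raised when a requested filename would leave the workflows directory."""


def resolve_workflow_file(base_dir: str, requested: str) -> Path:
    """Map a user-supplied filename onto a file inside base_dir.

    Compares fully resolved paths instead of searching the string for
    '../', so '..' components, absolute paths and symlinks pointing
    outside base_dir are all rejected.
    """
    if not requested or "\x00" in requested:
        raise UnsafePath("empty or NUL-containing filename")
    base = Path(base_dir).resolve()
    # The endpoint expects a bare filename; any separator is suspicious.
    if Path(requested).name != requested:
        raise UnsafePath("filename must not contain path separators")
    candidate = (base / requested).resolve()
    # Containment test on resolved paths catches '..' and symlink escapes.
    if candidate == base or base not in candidate.parents:
        raise UnsafePath("resolved path escapes the workflows directory")
    if not candidate.is_file():
        raise UnsafePath("not a regular file")
    return candidate


def demo() -> dict:
    """Constructed scenario: one legitimate workflow, one secret outside the
    directory, and a symlink inside the directory that points at the secret."""
    root = Path(tempfile.mkdtemp())
    workflows = root / "workflows"
    workflows.mkdir()
    (workflows / "daily_backup.json").write_text('{"nodes": []}')
    (root / "secret.env").write_text("DB_PASSWORD=example")
    try:
        os.symlink(root / "secret.env", workflows / "link.json")
    except OSError:
        pass  # symlink creation not permitted; link.json is then simply absent
    results = {}
    for name in ["daily_backup.json", "../secret.env", "link.json",
                 "/etc/hostname", "..", "a\x00b.json"]:
        try:
            results[name] = resolve_workflow_file(str(workflows), name).name
        except UnsafePath as exc:
            results[name] = f"rejected: {exc}"
    return results
```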