How to fix EUVD-2025-19862?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is N8n affected by EUVD-2025-19862?

Organizations using n8n should be aware of moderate risk from CVE-2025-49595, a resource exhaustion vulnerability rated CVSS 4.9. Service availability could be impacted. A patch is available and should be applied during regular vulnerability management.

EUVD-2025-19862

| CVE-2025-49595 MEDIUM

2025-07-03 [email protected]

GHSA-pr9r-gxgp-9rm8

4.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 02:12 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 02:12 euvd

EUVD-2025-19862

Patch Released

Mar 16, 2026 - 02:12 nvd

Patch available

CVE Published

Jul 03, 2025 - 13:15 nvd

MEDIUM 4.9

Description

n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, effecting the /rest/binary-data endpoint and n8n.cloud instances (confirmed HTTP/2 524 timeout responses). Attackers can exploit this by sending GET requests with empty filesystem URIs (filesystem:// or filesystem-v2://) to the /rest/binary-data endpoint, causing resource exhaustion and service disruption. This issue has been patched in version 1.99.0.

Analysis

Technical Context

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400).

Affected Products

Affected products: N8N N8N

Remediation

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +24

POC: 0

EUVD-2025-19862 vulnerability details – vuln.today

Back

EUVD-2025-19862

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-19862

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code