What is CVE-2025-52478?

CVE-2025-52478 is a high-severity vulnerability in N8n-io N8n, classified under Cross-site Scripting. CVSS score: 8.7/10. Published 2025-08-19.

How severe is CVE-2025-52478?

High severity. CVSS v3 base score is 8.7 out of 10.

XSS in N8n-io N8n

CVE-2025-52478

n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject m…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (9.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N.

Affected products

N8n-io N8n — versions >= 1.77.0, < 1.98.2

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-hfmv-hhh3-43f2 (x_refsource_CONFIRM)
https://github.com/n8n-io/n8n/pull/16329 (x_refsource_MISC)
https://github.com/n8n-io/n8n/commit/7940384a85041a1890b1203d69c092c887312500 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-52478?: CVE-2025-52478 is a high-severity vulnerability in N8n-io N8n, classified under Cross-site Scripting. CVSS score: 8.7/10. Published 2025-08-19.
How severe is CVE-2025-52478?: High severity. CVSS v3 base score is 8.7 out of 10.