Overview
Cybersecurity is of paramount importance in the digital age, especially when it involves open-source platforms like n8n, a popular workflow automation platform. A recently discovered vulnerability, cataloged as CVE-2025-52478, has been identified as a significant security risk. It affects n8n versions from 1.77.0 to before 1.98.2 and could potentially lead to system compromise or data leakage.
This vulnerability specifically affects the Form Trigger node’s HTML form element, and could potentially allow an attacker to take over a user’s account by injecting malicious HTML or Javascript. This raises serious concerns over the security of user data and the integrity of the system.
Vulnerability Summary
CVE ID: CVE-2025-52478
Severity: High (8.7/10 CVSS Severity Score)
Attack Vector: Network
Privileges Required: Low (Authenticated User)
User Interaction: Required
Impact: Potential system compromise or data leakage
Affected Products
Escape the Surveillance Era
Most apps won’t tell you the truth.
They’re part of the problem.
Phone numbers. Emails. Profiles. Logs.
It’s all fuel for surveillance.
Ameeba Chat gives you a way out.
- • No phone number
- • No email
- • No personal info
- • Anonymous aliases
- • End-to-end encrypted
Chat without a trace.
Product | Affected Versions
n8n | 1.77.0 to 1.98.1
How the Exploit Works
The vulnerability arises from inadequate input validation in n8n’s Form Trigger node’s HTML form element. An authenticated attacker can exploit this vulnerability by injecting malicious HTML or Javascript through an