CVE-2025-57749 – n8n

Package

Manager: npm
Name: n8n
Vulnerable Version: >=0 <1.106.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00056 pctl0.17419

Details

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files ### Impact A symlink traversal vulnerability was discovered in the `Read/Write File` node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the `Execute Command` node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of _n8n.cloud_ are not impacted. ### Patches Affected users should update to version 1.106.0 or later. ### Workarounds Until the patch is applied: - Disable or restrict access to the `Execute Command` node and any other nodes that allow arbitrary file system access. - Avoid using the `Read/Write File` node on untrusted paths or inputs that could be manipulated via symlinks.

Metadata

Created: 2025-08-20T19:09:55Z
Modified: 2025-08-21T04:07:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-ggjm-f3g4-rwmm/GHSA-ggjm-f3g4-rwmm.json
CWE IDs: ["CWE-59", "CWE-61"]
Alternative ID: GHSA-ggjm-f3g4-rwmm
Finding: F184
Auto approve: 1