CVE-2025-57749

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

n

8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.

References

Link	Resource
https://github.com/n8n-io/n8n/pull/17735	Patch
https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*

History

03 Sep 2025, 15:07

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-20 22:15

Updated : 2025-09-03 15:07

NVD link : CVE-2025-57749

Mitre link : CVE-2025-57749

CVE.ORG link : CVE-2025-57749

JSON object : View

Products Affected

n8n

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2025-57749", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-08-20T22:15:29.670", "references": [{"url": "https://github.com/n8n-io/n8n/pull/17735", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks\u2014such as by using the Execute Command node\u2014could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later."}, {"lang": "es", "value": "n8n es una plataforma de automatizaci\u00f3n de flujos de trabajo. Antes de la versi\u00f3n 1.106.0, se descubri\u00f3 una vulnerabilidad de cruce de enlaces simb\u00f3licos en el nodo de lectura/escritura de archivos de n8n. Si bien el nodo intenta restringir el acceso a directorios y archivos confidenciales, no tiene en cuenta los enlaces simb\u00f3licos. Un atacante con la capacidad de crear enlaces simb\u00f3licos (por ejemplo, mediante el nodo de ejecuci\u00f3n de comandos) podr\u00eda aprovechar esta vulnerabilidad para eludir las restricciones de directorio previstas y leer o escribir en rutas que de otro modo ser\u00edan inaccesibles. Los usuarios de n8n.cloud no se ven afectados. Los usuarios afectados deben actualizar a la versi\u00f3n 1.106.0 o posterior."}], "lastModified": "2025-09-03T15:07:16.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "EB7A08CA-BBAA-4BFF-B208-F6442D75AC76", "versionEndExcluding": "1.106.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}