Description

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.

INFO

Published Date :

2025-08-20T21:46:39.926Z

Last Modified :

2025-08-20T21:46:39.926Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-57749 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57749.

URL Resource
https://github.com/n8n-io/n8n/pull/17735 cve-icon cve-icon
https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact