n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.
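The gap described above, as an added Node.js example (not n8n's code and not the 1.106.0 fix): a check that only normalises the path string misses a symlink, while one that resolves real paths first catches it. The function names and the temporary directory layout are constructed for illustration.

```javascript
// Added example, not n8n's code; every name and path below is constructed.
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when `target` is `dir` itself or lies beneath it (pure string logic).
function isInside(dir, target) {
  const rel = path.relative(dir, target);
  return rel === '' || (rel.split(path.sep)[0] !== '..' && !path.isAbsolute(rel));
}

// Lexical check: collapses "." and ".." but never consults the filesystem.
function isBlockedLexical(blockedDirs, requested) {
  const abs = path.resolve(requested);
  return blockedDirs.some((dir) => isInside(path.resolve(dir), abs));
}

// Symlink-aware check: compare fully resolved paths on both sides.
function isBlockedReal(blockedDirs, requested) {
  const abs = path.resolve(requested);
  let real;
  try {
    real = fs.realpathSync(abs);
  } catch (err) {
    if (err.code !== 'ENOENT') throw err;
    // A dangling symlink still lstat()s: refuse to write through it.
    if (fs.lstatSync(abs, { throwIfNoEntry: false })) return true;
    // File to be created: resolve the parent, keep the leaf name.
    real = path.join(fs.realpathSync(path.dirname(abs)), path.basename(abs));
  }
  return blockedDirs.some((dir) => isInside(fs.realpathSync(dir), real));
}

// Constructed sandbox: work/link is a symlink to the restricted directory.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'symlink-check-'));
  const restricted = path.join(root, 'restricted');
  const work = path.join(root, 'work');
  for (const d of [restricted, work]) fs.mkdirSync(d);
  fs.writeFileSync(path.join(restricted, 'config'), 'secret');
  fs.symlinkSync(restricted, path.join(work, 'link'), 'dir');
  const result = {
    lexical: isBlockedLexical([restricted], path.join(work, 'link', 'config')),
    real: isBlockedReal([restricted], path.join(work, 'link', 'config')),
    newFile: isBlockedReal([restricted], path.join(work, 'link', 'new.txt')),
    plain: isBlockedReal([restricted], path.join(work, 'ok.txt')),
  };
  fs.rmSync(root, { recursive: true, force: true });
  return result;
}
```

Resolving the path and then opening it are still two separate steps, so this check alone does not close a race in which the link is swapped between them.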
History

Wed, 03 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*

Thu, 21 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 21 Aug 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Wed, 20 Aug 2025 22:00:00 +0000

Type Values Removed Values Added
Description n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.
Title n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-08-21T14:48:02.396Z

Reserved: 2025-08-19T15:16:22.915Z

Link: CVE-2025-57749

Vulnrichment

Updated: 2025-08-21T13:25:44.485Z

NVD

Status: Analyzed

Published: 2025-08-20T22:15:29.670

Modified: 2025-09-03T15:07:16.683

Link: CVE-2025-57749

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-21T12:58:57Z