CVE-2025-57749
published 2025-08-20CVE-2025-57749: n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node…
PriorityP341medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.45%
35.5th percentile
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n8n-io | n8n | < 1.106.0 | 1.106.0 |
| n8n | n8n | < 1.106.0 | 1.106.0 |
| n8n | n8n | >= 0 < 1.106.0 | 1.106.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
osv·2025-08-20
CVE-2025-57749 [MEDIUM] n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
### Impact
A symlink traversal vulnerability was discovered in the `Read/Write File` node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the `Execute Command` node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of _n8n.cloud_ are not impacted.
### Patches
Affected users should update to version 1.106.0 or later.
### Workarounds
Until the patch is applied:
- Disable or restrict access to the `Execute Command` node and any other nodes that allow arbitra
GHSA
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
ghsa·2025-08-20
CVE-2025-57749 [MEDIUM] CWE-59 n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
### Impact
A symlink traversal vulnerability was discovered in the `Read/Write File` node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the `Execute Command` node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of _n8n.cloud_ are not impacted.
### Patches
Affected users should update to version 1.106.0 or later.
### Workarounds
Until the patch is applied:
- Disable or restrict access to the `Execute Command` node and any other nodes that allow arbitra
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-08-20
Published