Vulnerability Description
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| N8N | N8N | < 1.106.0 |
Related Weaknesses (CWE)
References
- https://github.com/n8n-io/n8n/pull/17735Patch
- https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmmVendor Advisory
FAQ
What is CVE-2025-57749?
CVE-2025-57749 is a vulnerability with a CVSS score of 6.5 (MEDIUM). n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive dire...
How severe is CVE-2025-57749?
CVE-2025-57749 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-57749?
Check the references section above for vendor advisories and patch information. Affected products include: N8N N8N.