CVE-2025-57749
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-09-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | to 1.106.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a symlink traversal issue in the Read/Write File node of the n8n workflow automation platform before version 1.106.0. The node tries to restrict access to sensitive directories and files but does not properly handle symbolic links (symlinks). An attacker who can create symlinks, for example via the Execute Command node, can exploit this flaw to bypass directory restrictions and read or write files in locations that should be inaccessible.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with limited permissions to access or modify files outside the intended restricted directories. This could lead to unauthorized disclosure of sensitive information or unauthorized file modifications, potentially compromising system integrity or confidentiality.
What immediate steps should I take to mitigate this vulnerability?
Update n8n to version 1.106.0 or later to fix the symlink traversal vulnerability in the Read/Write File node. Additionally, restrict the ability to create symlinks, such as limiting access to the Execute Command node, to prevent exploitation.