CVE-2025-57749

EPSS 0.08%
Veröffentlicht 20.08.2025 21:46:39
Zuletzt bearbeitet 03.09.2025 15:07:16
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

N8n ≫ N8n SwPlatformnode.js Version < 1.106.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.247

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm

Vendor Advisory

https://github.com/n8n-io/n8n/pull/17735

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-57749

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-57749

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-57749

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-57749