Symlink Traversal Vulnerability in n8n Workflow Automation Platform
CVE-2025-57749

6.5MEDIUM

Key Information:

Vendor: N8n-io
Status: N8n
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-57749?

n8n, a popular workflow automation platform, has a symlink traversal vulnerability impacting versions earlier than 1.106.0. This flaw resides in the Read/Write File node, where attempts to restrict access to sensitive directories fail due to improper handling of symbolic links. An attacker capable of creating symlinks via the Execute Command node may exploit this vulnerability to bypass directory restrictions, potentially gaining access to read from or write to protected files. Users leveraging n8n.cloud services are not at risk, and those affected are advised to upgrade to version 1.106.0 or newer.

Affected Version(s)

n8n < 1.106.0

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-gg...

x_refsource_CONFIRM

https://github.com/n8n-io/n8n/pull/17735

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Aug 19, 2025

JSON

N8n-io

What is CVE-2025-57749?

Affected Version(s)

References

CVSS V3.1

Timeline