Symlink Traversal Vulnerability in n8n Workflow Automation Platform
CVE-2025-57749

6.5MEDIUM

Key Information:

Vendor: N8n-io
Status: N8n
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-57749?

n8n, a popular workflow automation platform, has a symlink traversal vulnerability impacting versions earlier than 1.106.0. This flaw resides in the Read/Write File node, where attempts to restrict access to sensitive directories fail due to improper handling of symbolic links. An attacker capable of creating symlinks via the Execute Command node may exploit this vulnerability to bypass directory restrictions, potentially gaining access to read from or write to protected files. Users leveraging n8n.cloud services are not at risk, and those affected are advised to upgrade to version 1.106.0 or newer.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

n8n < 1.106.0

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-gg...

x_refsource_CONFIRM

https://github.com/n8n-io/n8n/pull/17735

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Aug 19, 2025

JSON

N8n-io