GHSA-GGJM-F3G4-RWMM

Vulnerability from github – Published: 2025-08-20 19:09 – Updated: 2025-08-21 04:07
Summary
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Details

Impact

A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted.

Patches

Affected users should update to version 1.106.0 or later.

Workarounds

Until the patch is applied:

  • Disable or restrict access to the Execute Command node and any other nodes that allow arbitrary file system access.
  • Avoid using the Read/Write File node on untrusted paths or inputs that could be manipulated via symlinks.

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.106.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-57749"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59",
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-20T19:09:55Z",
    "nvd_published_at": "2025-08-20T22:15:29Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA symlink traversal vulnerability was discovered in the `Read/Write File` node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks\u2014such as by using the `Execute Command` node\u2014could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of _n8n.cloud_ are not impacted.\n\n### Patches\nAffected users should update to version 1.106.0 or later.\n\n### Workarounds\nUntil the patch is applied:\n\n- Disable or restrict access to the `Execute Command` node and any other nodes that allow arbitrary file system access.\n- Avoid using the `Read/Write File` node on untrusted paths or inputs that could be manipulated via symlinks.",
  "id": "GHSA-ggjm-f3g4-rwmm",
  "modified": "2025-08-21T04:07:03Z",
  "published": "2025-08-20T19:09:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57749"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/pull/17735"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/commit/c2c3e08cdf33570d9051e659812cbfbdd3c077fd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "n8n symlink traversal vulnerability in \"Read/Write File\" node allows access to restricted files"
}

