Home > Vulnerability Database > CVE-2025-57749

Mend.io Vulnerability Database

CVE-2025-57749

Good to know:

Date: August 20, 2025

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.

Severity Score

6.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-57749

Url: https://github.com/n8n-io/n8n/commit/c2c3e08cdf33570d9051e659812cbfbdd3c077fd

Url: https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm

Url: https://github.com/n8n-io/n8n/pull/17735

Url: https://github.com/n8n-io/n8n

Url: https://www.mend.io/vulnerability-database/CVE-2025-57749

Severity Score

6.5

Weakness Type (CWE)

Improper Link Resolution Before File Access ('Link Following')

CWE-59

UNIX Symbolic Link (Symlink) Following

CWE-61

Top Fix

Upgrade Version

Upgrade to version n8n - 1.106.0;https://github.com/n8n-io/n8n.git - n8n@1.106.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-57749

Good to know:

Date: August 20, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?