PT-2025-34160 · N8N · N8N
Mahmoud0X00 · Published 2025-08-20 · Updated 2025-08-21 · CVE-2025-57749
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
n8n versions prior to 1.106.0
Description:
n8n is a workflow automation platform. A symlink traversal vulnerability was discovered in the Read/Write File node. The node does not properly account for symbolic links (symlinks), allowing an attacker with the ability to create symlinks (such as by using the Execute Command node) to bypass directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted.
Recommendations:
Update to version 1.106.0 or later.
As a temporary workaround, disable or restrict access to the Execute Command node and any other nodes that allow arbitrary file system access.
Avoid using the Read/Write File node on untrusted paths or inputs that could be manipulated via symlinks.
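The weakness class described above comes down to a directory-containment check that compares path strings without resolving symlinks. The following Node.js sketch is an added example, not n8n's code or its fix; `isInsideLexical`, `isInsideResolved` and the temp-directory fixture are hypothetical and constructed for illustration. It contrasts a lexical check with one that resolves symlinks first, including the write case where the target file does not exist yet.

```javascript
// Added example: hypothetical helpers, not n8n source code.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Lexical containment: normalizes ".." but never consults the file system.
function isInsideLexical(allowedDir, candidate) {
  const rel = path.relative(path.resolve(allowedDir), path.resolve(candidate));
  return rel === '' ||
    (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}

// Symlink-aware containment: compare fully resolved paths.
function isInsideResolved(allowedDir, candidate) {
  const realAllowed = fs.realpathSync(allowedDir);
  let real;
  try {
    real = fs.realpathSync(candidate);
  } catch (err) {
    if (err.code !== 'ENOENT') throw err;
    // A dangling symlink would be followed on write, so refuse it.
    if (fs.lstatSync(candidate, { throwIfNoEntry: false })) return false;
    // New file: resolve the parent directory, which must already exist.
    real = path.join(fs.realpathSync(path.dirname(candidate)), path.basename(candidate));
  }
  return isInsideLexical(realAllowed, real);
}

// Constructed fixture: allowed/ and outside/ as siblings in a temp directory.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'symlink-demo-'));
  const allowed = path.join(root, 'allowed');
  const outside = path.join(root, 'outside');
  fs.mkdirSync(allowed);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(outside, 'secret.txt'), 'constructed sample');
  fs.symlinkSync(outside, path.join(allowed, 'link'));
  fs.symlinkSync(path.join(outside, 'missing'), path.join(allowed, 'dangling'));
  const viaLink = path.join(allowed, 'link', 'secret.txt');
  const result = {
    lexicalViaLink: isInsideLexical(allowed, viaLink),
    resolvedViaLink: isInsideResolved(allowed, viaLink),
    resolvedNewFile: isInsideResolved(allowed, path.join(allowed, 'new.txt')),
    resolvedNewViaLink: isInsideResolved(allowed, path.join(allowed, 'link', 'new.txt')),
    resolvedDangling: isInsideResolved(allowed, path.join(allowed, 'dangling')),
  };
  fs.rmSync(root, { recursive: true, force: true });
  return result;
}
```

A resolve-then-open check still leaves a window between the check and the file operation, so it complements rather than replaces restricting who can create symlinks in the directory.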
Link Following
Affected Products
N8N