PT-2025-36488 · N8N · N8N

Nikolas-Ch

·

Published

2025-09-08

·

Updated

2025-09-08

·

CVE-2025-56265

Report an issue
CVSS v3.1
8.8
VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

N8N versions 1.95.3, 1.100.1, and 1.101.1

Description:

An arbitrary file upload vulnerability exists in the Chat Trigger component of N8N. Attackers can execute arbitrary code by uploading a crafted HTML file.

Recommendations:

Update N8N to a version newer than 1.95.3, 1.100.1, and 1.101.1.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2025-56265

Affected Products

N8N