{"id":68541,"date":"2025-08-21T04:32:14","date_gmt":"2025-08-21T01:02:14","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-57749-n8n-symlink-traversal-vulnerability\/"},"modified":"2025-08-21T04:32:14","modified_gmt":"2025-08-21T01:02:14","slug":"cve-2025-57749-n8n-symlink-traversal-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-57749-n8n-symlink-traversal-vulnerability\/","title":{"rendered":"CVE-2025-57749 &#8211; n8n Symlink Traversal Vulnerability"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-57749<br \/>\n<br \/>\n<strong>Published : <\/strong> Aug. 20, 2025, 10:15 p.m. | 2\u00a0hours, 3\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read\/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks\u2014such as by using the Execute Command node\u2014could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 6.5 | MEDIUM<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-57749 Published : Aug. 20, 2025, 10:15 p.m. | 2\u00a0hours, 3\u00a0minutes ago Description : n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read\/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-68541","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/68541","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=68541"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/68541\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=68541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=68541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=68541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}