{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T15:50:30.931","vulnerabilities":[{"cve":{"id":"CVE-2025-57749","sourceIdentifier":"security-advisories@github.com","published":"2025-08-20T22:15:29.670","lastModified":"2025-09-03T15:07:16.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the Execute Command node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of n8n.cloud are not impacted. Affected users should update to version 1.106.0 or later."},{"lang":"es","value":"n8n es una plataforma de automatización de flujos de trabajo. Antes de la versión 1.106.0, se descubrió una vulnerabilidad de cruce de enlaces simbólicos en el nodo de lectura/escritura de archivos de n8n. Si bien el nodo intenta restringir el acceso a directorios y archivos confidenciales, no tiene en cuenta los enlaces simbólicos. Un atacante con la capacidad de crear enlaces simbólicos (por ejemplo, mediante el nodo de ejecución de comandos) podría aprovechar esta vulnerabilidad para eludir las restricciones de directorio previstas y leer o escribir en rutas que de otro modo serían inaccesibles. Los usuarios de n8n.cloud no se ven afectados. Los usuarios afectados deben actualizar a la versión 1.106.0 o posterior."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.106.0","matchCriteriaId":"EB7A08CA-BBAA-4BFF-B208-F6442D75AC76"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/pull/17735","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}