CNNVD-202508-2397 Information

CNNVD ID

CNNVD-202508-2397

Related CVE

CVE-2025-57749

• CNNVD Published: 2025-08-20

Description (Chinese)

n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.106.0之前版本存在安全漏洞，该漏洞源于Read/Write File节点存在符号链接遍历，可能导致绕过目录限制。

Description (English)

n8n is an expanded workflow automation tool for n8n open source. n8n 1.106.0 has a security loophole, which stems from the presence of a symbol link to the Read/Write File node, which may lead to circumventing the directory limit.

Hazard Level

High

Vulnerability Type

后置链接

Affected Vendor

n8n

Published

2025-08-20

Last Modified

2026-02-24

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-ggjm-f3g4-rwmm https://github.com/n8n-io/n8n/pull/17735 https://nvd.nist.gov/vuln/detail/CVE-2025-57749

Patch

https://github.com/n8n-io/n8n/releases