CVE-2025-57749: n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

The core of the vulnerability exists in the isFilePathBlocked function located in packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts. This function was intended to prevent access to restricted file paths. However, it used path.resolve() to determine the absolute path of a file, which does not resolve symbolic links (symlinks). This oversight allows an attacker with the ability to create symlinks on the server (for instance, via the 'Execute Command' node) to bypass the security check. An attacker could create a symlink in an accessible directory that points to a sensitive file or directory elsewhere on the system. When the 'Read/Write File' node operates on this symlink, isFilePathBlocked would check the path of the symlink itself, deem it safe, and allow the operation to proceed on the linked, restricted file.

The patch rectifies this by replacing path.resolve() with fs.realpath(). The fs.realpath() function resolves the entire path, including any symlinks, to its canonical physical path. This ensures that the check is performed on the true destination of the path, effectively closing the traversal vulnerability.

The functions assertFileIsReadable and writeContentToFile, which are part of the object returned by getFileSystemHelperFunctions, directly utilize isFilePathBlocked to secure file operations. Consequently, these functions are the primary runtime indicators that would appear in a stack trace or profiler output during an exploit attempt involving reading from or writing to a file through a malicious symlink.