CVE-2025-56265

Published: Sep 8, 2025Modified: Sep 12, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.

Affected (3)

Products: N8n: N8n

N8n

1 product

N8n

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
N8n N8n	Version 1.100.1
N8n N8n	Version 1.101.1
N8n N8n	Version 1.95.3

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (3)

https://github.com/nikolas-ch/CVEs/blob/main/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload/StoredXSSviaUnristrictedFileUpload.txt

Source: cve@mitre.org

Third Party Advisory

https://github.com/nikolas-ch/CVEs/tree/main/N8N/N8N_v1.100.1

Source: cve@mitre.org

Exploit

https://github.com/nikolas-ch/CVEs/tree/main/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload

Source: cve@mitre.org

Exploit

Timeline

No history available yet.