Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-56265

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.

Published

2025-09-08T18:15:33.720

Last Modified

2025-09-12T20:47:21.743

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	n8n	n8n	1.95.3	Yes
Application	n8n	n8n	1.100.1	Yes
Application	n8n	n8n	1.101.1	Yes

References

https://github.com/nikolas-ch/CVEs/blob/main/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload/StoredXSSviaUnristrictedFileUpload.txt Third Party Advisory ([email protected])
https://github.com/nikolas-ch/CVEs/tree/main/N8N/N8N_v1.100.1 Exploit ([email protected])
https://github.com/nikolas-ch/CVEs/tree/main/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload Exploit ([email protected])