CVE-2025-58177 is a stored Cross-Site Scripting (XSS) vulnerability identified in the open-source workflow automation platform n8n, specifically affecting versions from 1.24.0 up to but not including 1.107.0. The vulnerability resides in the @n8n/n8n-nodes-langchain.chatTrigger node, which allows authorized users to configure the LangChain Chat Trigger with malicious JavaScript code embedded in the 'initialMessages' field. When the chat trigger is enabled for public access, this malicious script is stored and subsequently executed in the browsers of any users who visit the public chat URL generated by the node. This stored XSS flaw can be exploited to perform phishing attacks or steal sensitive information such as cookies or session tokens from unsuspecting users. The vulnerability requires an attacker to have authorized access to configure the node, and user interaction is necessary for exploitation since victims must visit the malicious public chat link. The issue has been addressed and fixed in n8n version 1.107.0, and upgrading to this or later versions is strongly recommended. As an interim mitigation, disabling the affected chatTrigger node can prevent exploitation, though no other workarounds are currently known. The CVSS v3.1 base score is 5.4 (medium severity), reflecting the network attack vector, low attack complexity, requirement for privileges, user interaction, and partial impact on confidentiality and integrity without affecting availability. No known exploits are currently reported in the wild.

For European organizations using n8n workflow automation platforms with affected versions, this vulnerability poses a tangible risk to the confidentiality and integrity of user data. Since the exploit involves stored XSS in publicly accessible chat URLs, any external users or employees accessing these public chats could have their session cookies or sensitive information stolen, potentially leading to account compromise or unauthorized access to internal systems. The phishing vector enabled by this vulnerability could facilitate social engineering attacks targeting employees or customers, increasing the risk of credential theft or malware deployment. Organizations that expose n8n chat triggers publicly without strict access controls are particularly vulnerable. The impact is heightened in sectors with stringent data protection regulations such as GDPR, where data leakage incidents can lead to significant legal and financial penalties. Additionally, the requirement for an authorized user to configure the malicious payload means insider threats or compromised accounts could be leveraged to exploit this vulnerability. Overall, the vulnerability could undermine trust in automated workflows and disrupt business processes reliant on n8n, especially in industries like finance, healthcare, and critical infrastructure prevalent in Europe.

To mitigate this vulnerability effectively, European organizations should prioritize upgrading all n8n instances to version 1.107.0 or later where the vulnerability is patched. Until upgrades can be performed, administrators should disable the @n8n/n8n-nodes-langchain.chatTrigger node to prevent exploitation. It is critical to audit and restrict authorized user permissions rigorously to minimize the risk of malicious configuration changes, employing the principle of least privilege. Organizations should also implement strict access controls and monitoring on any public URLs generated by n8n workflows, including web application firewalls (WAFs) configured to detect and block XSS payloads. Regular security training should be provided to users to recognize phishing attempts potentially stemming from this vulnerability. Additionally, logging and alerting mechanisms should be enhanced to detect unusual configuration changes or access patterns related to the chat trigger node. Conducting periodic security assessments and penetration testing focusing on workflow automation platforms can help identify residual risks. Finally, organizations should maintain an incident response plan tailored to web application attacks to quickly contain and remediate any exploitation attempts.