CVE-2025-55130 Overview
A critical flaw in Node.js's Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This vulnerability breaks the expected isolation guarantees and enables arbitrary file read/write operations, potentially leading to system compromise.
Critical Impact
Attackers can bypass Node.js file system permission restrictions, enabling unauthorized read and write access to sensitive files outside the permitted directory scope.
Affected Products
- Node.js v20.x
- Node.js v22.x
- Node.js v24.x
- Node.js v25.x
Discovery Timeline
- 2026-01-20 - CVE CVE-2025-55130 published to NVD
- 2026-01-21 - Last updated in NVD database
Technical Details for CVE-2025-55130
Vulnerability Analysis
This vulnerability targets Node.js's experimental Permissions model, specifically the file system access controls implemented through --allow-fs-read and --allow-fs-write command-line flags. The Permissions model is designed to provide a sandboxed execution environment where scripts can only access explicitly permitted file system paths.
The flaw exists in how the permission validation logic handles symbolic links with relative path components. When a script creates or traverses directories containing symlinks that point to paths using relative references (such as ../), the permission check fails to properly resolve and validate the final target path against the allowed list.
This authentication bypass vulnerability (CWE-289) allows a malicious script that has been granted permission to access only a specific directory to construct a chain of symlinks that ultimately resolves to files outside the permitted scope. The attack requires local access and low privileges to execute.
Root Cause
The root cause lies in improper handling of symbolic link resolution within the Permissions model's path validation logic. When evaluating file access requests, the permission system fails to fully canonicalize paths that involve symlinks with relative components before comparing them against the allowed paths list.
Specifically, the path normalization process does not account for scenarios where symlinks are chained together in a way that incrementally escapes the permitted directory boundary. Each symlink in the chain may appear valid in isolation, but when resolved sequentially, they produce a final path that violates the intended access restrictions.
Attack Vector
The attack requires local access to execute a Node.js script with the experimental permissions model enabled. An attacker with the ability to run scripts in a constrained Node.js environment can exploit this vulnerability through the following approach:
- The attacker's script is granted limited file system access (e.g., only the current working directory)
- The script creates a directory structure within the allowed path
- Within this structure, the script creates symbolic links using relative path references that point outside the permitted boundary
- By chaining multiple symlinks and directory traversals, the script can construct a path that resolves to sensitive files like /etc/passwd or application configuration files
- The permission system fails to detect that the resolved path is outside the allowed scope
- The attacker can then read or write to arbitrary files on the system
This vulnerability is particularly concerning for environments that rely on the Node.js Permissions model to isolate untrusted code, such as multi-tenant hosting platforms or plugin execution sandboxes. Successful exploitation can lead to sensitive data exposure, configuration tampering, or privilege escalation through manipulation of system files.
Detection Methods for CVE-2025-55130
Indicators of Compromise
- Unexpected symbolic link creation in directories accessible to Node.js applications
- File access patterns showing traversal from permitted directories to sensitive system files
- Node.js processes accessing files outside their explicitly configured permission scope
- Unusual directory structures with nested symlinks pointing to relative paths
Detection Strategies
- Monitor Node.js application logs for permission-related warnings or errors that may indicate attempted bypass
- Implement file integrity monitoring on sensitive system files and directories
- Use system-level auditing tools (auditd on Linux) to track symlink creation and file access patterns
- Deploy runtime application security monitoring that can detect anomalous file system access
- Review application code for dynamic symlink creation, especially with user-controlled path components
Monitoring Recommendations
- Enable comprehensive file system access logging for Node.js applications using the Permissions model
- Configure alerts for symlink creation events within application working directories
- Monitor for access attempts to sensitive paths like /etc/, /root/, and application configuration directories
- Implement behavioral baselines for file system access patterns to detect deviations
- Track process execution with unusual combinations of --allow-fs-read and --allow-fs-write flags
How to Mitigate CVE-2025-55130
Immediate Actions Required
- Upgrade Node.js to the patched versions released in the December 2025 security update
- Review and audit all applications that rely on the experimental Permissions model for security isolation
- Consider implementing additional sandboxing mechanisms (containers, VMs) as defense-in-depth
- Restrict the ability to create symbolic links within permitted directories where possible
- Monitor systems for exploitation attempts while applying patches
Patch Information
Security patches addressing this vulnerability are available through the Node.js December 2025 Security Releases. Users should update to the latest patched versions of Node.js v20, v22, v24, and v25 immediately.
The patch corrects the path resolution logic in the Permissions model to properly canonicalize paths containing symbolic links before validating them against the allowed paths list. This ensures that symlink chains cannot be used to escape the permitted file system boundaries.
Workarounds
- Disable the use of the experimental Permissions model if not strictly required and rely on OS-level sandboxing instead
- Implement filesystem-level restrictions using chroot, containers, or similar isolation technologies
- Configure the operating system to restrict symlink creation for the user account running Node.js applications
- Use read-only filesystem mounts where write access is not required
- Deploy SELinux or AppArmor policies to enforce additional file access restrictions on Node.js processes
# Example: Running Node.js in a container with restricted filesystem access
# This provides defense-in-depth beyond the Permissions model
docker run --rm \
--read-only \
--tmpfs /tmp:noexec,nosuid,size=64m \
--security-opt=no-new-privileges:true \
-v /app:/app:ro \
node:latest node --experimental-permission --allow-fs-read=/app /app/script.js
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
