Remote Code Execution Vulnerability in n8n Workflow Automation Platform
CVE-2025-65964

9.4CRITICAL

Key Information:

Vendor

N8n-io

Status
N8n
Vendor
CVE Published:
8 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-65964?

The n8n workflow automation platform, versions 0.123.1 through 1.119.1, contains a vulnerability that allows an attacker to execute arbitrary code on the host system by exploiting inadequate protections in the pre-commit hooks. When using the 'Add Config' operation, workflows can set malicious Git configuration values, including core.hooksPath, leading to execution of unwanted commands during subsequent Git operations. Effective mitigation includes updating to version 1.119.2 and implementing workarounds such as excluding the Git Node or refraining from interacting with untrusted repositories.

Affected Version(s)

n8n >= 0.123.1, < 1.119.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-65964-poc
Created by Anthony558238

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-wp...
x_refsource_CONFIRM
https://github.com/n8n-io/n8n/commit/d5a1171f95f75def5c3a...
x_refsource_MISC
https://github.com/n8n-io/n8n/releases/tag/n8n%401.119.2
x_refsource_MISC

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-65964 : Remote Code Execution Vulnerability in n8n Workflow Automation Platform