Remote Code Execution Vulnerability in n8n Automation Platform
CVE-2025-68613
Key Information:
Badges
What is CVE-2025-68613?
CVE-2025-68613 is a critical vulnerability identified within the n8n automation platform, an open-source tool designed for creating and automating complex workflows across various applications. This specific vulnerability is categorized as a Remote Code Execution (RCE) flaw and affects versions 0.211.0 through certain releases before 1.120.4, 1.121.1, and 1.122.0. Under certain conditions, expressions inputted by authenticated users during the configuration of workflows can be executed in an insufficiently isolated context, potentially allowing an attacker with valid credentials to execute arbitrary code. The implications of this vulnerability are severe, as it grants attackers the ability to exploit the n8n process's privileges, leading to full compromise of the instance. This can result in unauthorized access to sensitive organizational data, modification of existing workflows, and the capability to perform operations at the system level.
Potential impact of CVE-2025-68613
-
Full Compromise of Instance: Successful exploitation enables attackers to gain total control of the n8n instance, potentially accessing and manipulating sensitive data stored within the platform.
-
Unauthorized Workflow Modifications: Attackers could alter existing automation workflows or create malicious workflows, potentially leading to data loss or unintended actions being performed within integrated applications.
-
System-Level Operations Execution: The capacity to execute arbitrary code could allow attackers to initiate additional malicious software or processes on the server, heightening the risk of further system compromise and data breaches.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
n8n >= 0.211.0, < 1.120.4 < 0.211.0, 1.120.4
n8n = 1.121.0 = 1.121.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
The Hacker NewsCVE-2025-68613Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
Critical n8n vulnerability CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.
2 days ago
CVSS 9.9 RCE vulnerability in n8n potentially impacts more than 100K servers
The flaw allows an authenticated attacker to run arbitrary code with elevated permissions.
SQ MagazineCVE-2025-68613Massive RCE Threat in n8n Platform Impacts Thousands of Exposed Systems
Over 100K n8n automation platform instances at risk from CVE-2025-68613, a critical RCE flaw. Public PoC increases urgency to patch.
References
EPSS Score
71% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📰
First article discovered by gbhackers.com
- 📈
Vulnerability started trending
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved