Remote Code Execution Vulnerability in n8n Automation Platform
CVE-2025-68613
Key Information:
Badges
What is CVE-2025-68613?
CVE-2025-68613 is a critical vulnerability identified within the n8n automation platform, an open-source tool designed for creating and automating complex workflows across various applications. This specific vulnerability is categorized as a Remote Code Execution (RCE) flaw and affects versions 0.211.0 through certain releases before 1.120.4, 1.121.1, and 1.122.0. Under certain conditions, expressions inputted by authenticated users during the configuration of workflows can be executed in an insufficiently isolated context, potentially allowing an attacker with valid credentials to execute arbitrary code. The implications of this vulnerability are severe, as it grants attackers the ability to exploit the n8n process's privileges, leading to full compromise of the instance. This can result in unauthorized access to sensitive organizational data, modification of existing workflows, and the capability to perform operations at the system level.
Potential impact of CVE-2025-68613
-
Full Compromise of Instance: Successful exploitation enables attackers to gain total control of the n8n instance, potentially accessing and manipulating sensitive data stored within the platform.
-
Unauthorized Workflow Modifications: Attackers could alter existing automation workflows or create malicious workflows, potentially leading to data loss or unintended actions being performed within integrated applications.
-
System-Level Operations Execution: The capacity to execute arbitrary code could allow attackers to initiate additional malicious software or processes on the server, heightening the risk of further system compromise and data breaches.
CISA has reported CVE-2025-68613
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-68613 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
n8n >= 0.211.0, < 1.120.4 < 0.211.0, 1.120.4
n8n = 1.121.0 = 1.121.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
The Hacker NewsCVE-2025-68613CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
CISA adds n8n RCE flaw CVE-2025-68613 to KEV after active exploitation; 24,700 exposed instances raise compromise risk.
1 week ago
CISA orders feds to patch n8n RCE flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability.
2 weeks ago
The Hacker NewsCVE-2025-68613Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
Critical n8n vulnerability CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.
References
EPSS Score
76% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🦅
CISA Reported
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📰
First article discovered by gbhackers.com
- 📈
Vulnerability started trending
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved