Remote Code Execution Vulnerability in n8n Automation Platform
CVE-2025-68613

10CRITICAL

Key Information:

Vendor

N8n-io

Status
N8n
Vendor
CVE Published:
19 December 2025

Badges

🔥 Trending now🥇 Trended No. 1📈 Trended📈 Score: 38,300👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-68613?

CVE-2025-68613 is a critical vulnerability identified within the n8n automation platform, an open-source tool designed for creating and automating complex workflows across various applications. This specific vulnerability is categorized as a Remote Code Execution (RCE) flaw and affects versions 0.211.0 through certain releases before 1.120.4, 1.121.1, and 1.122.0. Under certain conditions, expressions inputted by authenticated users during the configuration of workflows can be executed in an insufficiently isolated context, potentially allowing an attacker with valid credentials to execute arbitrary code. The implications of this vulnerability are severe, as it grants attackers the ability to exploit the n8n process's privileges, leading to full compromise of the instance. This can result in unauthorized access to sensitive organizational data, modification of existing workflows, and the capability to perform operations at the system level.

Potential impact of CVE-2025-68613

  1. Full Compromise of Instance: Successful exploitation enables attackers to gain total control of the n8n instance, potentially accessing and manipulating sensitive data stored within the platform.

  2. Unauthorized Workflow Modifications: Attackers could alter existing automation workflows or create malicious workflows, potentially leading to data loss or unintended actions being performed within integrated applications.

  3. System-Level Operations Execution: The capacity to execute arbitrary code could allow attackers to initiate additional malicious software or processes on the server, heightening the risk of further system compromise and data breaches.

Affected Version(s)

n8n >= 0.211.0, < 1.120.4 < 0.211.0, 1.120.4

n8n = 1.121.0 = 1.121.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

n8n-CVE-2025-68613
Created by LingerANR

n8n-exploit-CVE-2025-68613-n8n-God-Mode-Ultimate
Created by hackersatyamrastogi

POC-CVE-2025-68613
Created by GnuTLam

News Articles

favicon imageSC Media

CVSS 9.9 RCE vulnerability in n8n potentially impacts more than 100K servers

The flaw allows an authenticated attacker to run arbitrary code with elevated permissions.

2 weeks ago

favicon imageSQ Magazine

Massive RCE Threat in n8n Platform Impacts Thousands of Exposed Systems

Over 100K n8n automation platform instances at risk from CVE-2025-68613, a critical RCE flaw. Public PoC increases urgency to patch.

2 weeks ago

favicon imageCyber Press

Critical n8n Automation Platform Vulnerability Enables RCE, Exposing 103,000+ Instances

The vulnerability, tracked as CVE-2025-68613, carries a severe CVSS score of 9.9, indicating near-maximum criticality.

2 weeks ago

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-v9...
x_refsource_CONFIRM
https://github.com/n8n-io/n8n/commit/08f332015153decdda3c...
x_refsource_MISC
https://github.com/n8n-io/n8n/commit/1c933358acef527ff614...
x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📰

    First article discovered by gbhackers.com

  • 📈

    Vulnerability started trending

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-68613 : Remote Code Execution Vulnerability in n8n Automation Platform