
"Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. In plain terms, it means that an attacker with access to a low-privilege account could assume control of the entire n8n instance and abuse it to potentially access secrets such as passwords or push malicious code by modifying workflows."
"CISA urged all federal civilian executive branch (FCEB) agencies to patch CVE-2025-68613 at once because it carries a near-perfect 9.9 vulnerability score. The bug was first disclosed in December, and vendors such as Resecurity said that of n8n's roughly 230,000 active users, more than 103,000 appeared to be vulnerable."
"n8n's advisory states that, under certain conditions, authenticated attackers can inject payloads into expressions that are then executed without validation. CVE-2025-68613 can lead to RCE on the open source workflow automation platform, with potential consequences ranging from simple data theft to full-blown supply chain compromise."
CISA has confirmed active exploitation of CVE-2025-68613, a maximum-severity remote code execution vulnerability in the n8n workflow automation platform, rated 9.9. The vulnerability allows authenticated attackers to inject payloads into expressions that execute without validation, potentially leading to full instance compromise, unauthorized data access, workflow modification, and system-level operations. More than 103,000 of n8n's roughly 230,000 active users appeared to be vulnerable. The bug was disclosed in December and patched in version 1.122.0. Federal civilian executive branch agencies must upgrade by March 25. A low-privilege account holder can exploit this to gain complete control of the instance, access secrets, and inject malicious code into workflows.
#cybersecurity-vulnerability #remote-code-execution #n8n-workflow-automation #cisa-advisory #critical-patch
Read at Theregister