- Description
- n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- n8n
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
- Exploit added on
- Mar 11, 2026
- Exploit action due
- Mar 25, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
CISA's deadline to patch n8n is literally today. CVE-2025-68613 scores 9.9. Remote code execution. 24,700 instances still exposed. n8n is the tool people use to automate their workflows with AI agents. Ironic that the automation platform itself became the vulnerability. Patch
@AnthonyEveryWhr
25 Mar 2026
127 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
n8n CVE-2025-68613 + CVE-2026-21858 chain is getting active exploitation. CISA KEV only lists 68613 — but 21858 (unauth RCE) is the one doing damage. 14K+ exposed instances per Shodan. Our feeds have tracked 2,200+ items on this. Self-hosted n8n: patch both, now.
@CybrPulse
25 Mar 2026
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 THREAT INTEL Mar 25 | 🔴 CRITICAL RCE: Cisco FMC CVE-2026-20131 (ransomware active!) | 🟠 Patch TODAY: n8n CVE-2025-68613 | 🦠 Active: QakBot, Vidar, CobaltStrike | ⚠️ Russian APT hijacking Signal/WhatsApp | 🛡️ Block: 50.16.16.211 #CyberSecurity #ThreatIntel h
@404LABSx
25 Mar 2026
125 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/ Your n8n instance holds AWS keys, DB passwords and OAuth tokens. The CVE-2025-68613 vulnerability (9.9/10) allows code to be entered into a form's "First name" field to get shell access. 24,700 instances unpatched. Checklist in the thread: https://t.co/LNAs743T20
@BartekChudzikAI
24 Mar 2026
115 Impressions
0 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 CVE-2025-68613: n8n improper code control—RCE exploited, CISA KEV Mar 2026. Workflow automation = attacker playground. https://t.co/55bQlSYR96
@TheRabbitPy
23 Mar 2026
95 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA KEV: n8n RCE (CVE-2025-68613, CVSS 9.9) - 24,700 exposed instances, federal patch deadline March 25. This isn't just a patch. n8n is the stitching layer between your tools. Compromise = attacker inherits whatever the automation account touches.
@KTLYST_labs
23 Mar 2026
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New research shows a gap in CISA KEV for n8n. CVE-2025-68613 can be chained with CVE-2026-21858 (not in KEV) for unauthenticated RCE, and exploitation is already happening. 14K+ exposed instances and links to MuddyWater suggest the risk is understated: https://t.co/dgirWHh65P
@VulnCheckAI
20 Mar 2026
684 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 n8n RCE (CVE-2025-68613): auth RCE via workflow expression eval (CWE-913), no admin needed, patched Dec 2025, exploits since Dec 22, in-the-wild Dec 26, CISA KEV Mar 11. #n8n #RCE ➡️ https://t.co/1S27HS6xRu https://t.co/AjiKbCSYTc
@leonov_av
20 Mar 2026
133 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns hackers exploit CVE-2025-68613, a max-severity (9.9) RCE vulnerability in workflow automation platform n8n. Authenticated attackers can achieve full system compromise; 103K+ users remain vulnerable. Federal agencies must patch by March 25. https://t.co/DaDyzHmiKP
@WalkureARCH
19 Mar 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
n8n RCE in older releases is no longer just a patch note. CISA added CVE-2025-68613 to KEV after active exploitation was confirmed. For Linux teams, that matters because n8n often runs on Debian or Ubuntu hosts with access to secrets and internal services. Check exposed 5678 ht
@lnxsec
19 Mar 2026
193 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CISA: Actively exploited n8n RCE bug - CVSS 9.9 CVE-2025-68613: Expression injection leading to remote code execution. If you run n8n, patch NOW. Your AI workflows are only as secure as your weakest link. Install: npx clawhub install moltguard #AISecurity
@thomaslwang
19 Mar 2026
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
n8n 1.122.0 Critical RCE Auth Bypass Exploit CVE-2025-68613 #Security #Linux https://t.co/ti0KbZNG8g
@gnoppixlinux
19 Mar 2026
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
.@CISAgov added a critical @n8n_io RCE flaw (CVE-2025-68613) to its KEV list, citing active exploitation risks. Federal agencies must patch within two weeks to prevent potential full system compromise. #cybersecurity #infosec #ITsecurity #CISO https://t.co/pJPG4tgy9f
@SCMagazine
17 Mar 2026
581 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT 🚨: The automation platform n8n just flagged a CVSS 10.0 Remote Code Execution flaw (CVE-2025-68613) under active attack today. If you use automation to run your life or business, the door is wide open. Hackers aren't just taking data; they’re taking the Controls.
@ThePattyroller
17 Mar 2026
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
.@CISAgov added a critical @n8n_io RCE flaw (CVE-2025-68613) to its KEV list, citing active exploitation risks. Federal agencies must patch within two weeks to prevent potential full system compromise. #cybersecurity #infosec #ITsecurity #CISO https://t.co/pJPG4tgy9f
@SCMagazine
16 Mar 2026
189 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA added CVE-2025-68613 (score 9.9) to its KEV list. It's a critical flaw in n8n, allowing remote code execution via expression injection. The vulnerability has been patched. https://t.co/VjFNSc0Bxe
@technoholic_me
16 Mar 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2025-68613: Critical Vulnerability in n8n for Remote Code Execution Technical analysis of CVE-2025-68613 in n8n, a critical flaw (CVSS 9.9) that allows RCE. Impact, mitigations and recommendations for professionals in cybersecu https://t.co/AcsxD1UnFn #c
@CiberPlanetaOrg
16 Mar 2026
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Security Alert: Improper Control of Dynamically-Managed Code Resources Vulnerability in n8n (CVE-2025-68613) n8n has a CWE-913 vulnerability in its workflow expression evaluation system, allowing remote code execution (RC
@CiberPlanetaOrg
16 Mar 2026
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Security Alert: Improper Control of Dynamic Code Resources Vulnerability in n8n (CVE-2025-68613) Critical vulnerability in n8n allows remote code execution (RCE) through inadequate control of dynamic code resources in the system for evalu
@CiberPlanetaOrg
16 Mar 2026
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added n8n RCE vulnerability to KEV catalog — critical flaw (CVE-2025-68613) with active exploitation risks. Federal agencies have 2 weeks to patch or face potential full system compromise. #Cybersecurity https://t.co/oENjMdPjBv
@battista212
15 Mar 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
.@CISAgov added a critical @n8n_io RCE flaw (CVE-2025-68613) to its KEV list, citing active exploitation risks. Federal agencies must patch within two weeks to prevent potential full system compromise. #cybersecurity #infosec #ITsecurity #CISO https://t.co/pJPG4tgy9f
@SCMagazine
15 Mar 2026
709 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. https://t.co/stMhb454X3
@HorstKrieger
14 Mar 2026
137 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ CISA KEV: n8n workflow automation RCE (CVE-2025-68613) Workflow automation platforms are the new target. Unauthenticated remote code execution in n8n - the 'fair-code' alternative to Zapier. If you're automating workflows with n8n in your DIS environment, read this threa
@DeusLogica
14 Mar 2026
141 Impressions
0 Retweets
0 Likes
0 Bookmarks
6 Replies
0 Quotes
If you are running a self-hosted n8n instance, patch it right now. CVE-2025-68613 is a critical remote code execution flaw. It's zero-click, requires no authentication, and is actively being exploited. CISA just added it to their known exploited list. But there is a bigger http
@BrandGrowthOS
14 Mar 2026
159 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-68613 (n8n RCE) just added to CISA KEV. Authenticated attackers can exec code and harvest stored credentials. 24,700+ instances exposed. Fed patch deadline: Mar 25. If n8n is in your automation stack, this one's not optional.
@CybrPulse
14 Mar 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
n8n Vulnerability Analysis: CVE-2025-68613, CVE-2026-21858, CVE-2026-25049 https://t.co/OkUxRBFKB6 #cyber #threathunting #infosec
@blueteamsec1
13 Mar 2026
917 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
ALERT — A critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform. CVE-2025-68613 lets authenticated users execute arbitrary code, enabling full instance takeover, data access, and system-level actions. More than 103k exposed instances are observed globall
@EthicForgecyber
13 Mar 2026
123 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds n8n RCE vulnerability CVE-2025-68613 to Known Exploited Vulnerabilities catalog amid active attacks. Over 24,700 unpatched instances remain online despite December 2025 patches.
@EthicForgecyber
13 Mar 2026
126 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA warns of an actively exploited RCE vulnerability in n8n (CVE-2025-68613). Over 24,700 instances remain exposed online, putting organizations at risk of remote code execution attacks. Read more 👇 https://t.co/ZXYWmLpw1x
@sctocs25
13 Mar 2026
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Flags n8n RCE as Actively Exploited, Forcing Urgent Federal Patching CISA added CVE-2025-68613, a critical remote code execution flaw in n8n, to its KEV catalog after active exploitation, warning that authenticated attackers can execute arbitrary commands and potentiall
@ThreatSynop
13 Mar 2026
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA flags critical n8n RCE vulnerability CVE-2025-68613 as actively exploited. Over 24,700 instances remain unpatched. Immediate action required! Link: https://t.co/RNKuqsdlma #Vulnerability #Security #Exploit #Patch #CVE #Alert #Threat #Risk #Network #Update #Cyber #Tech #Data
@dailytechonx
13 Mar 2026
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SecurityWeek Roundup Spotlights Exploited n8n RCE, AI-Generated Slopoly, and Global Cybercrime Takedowns SecurityWeek’s roundup highlights multiple notable developments, including CISA adding CVE-2025-68613 in n8n to the KEV catalog, IBM’s discovery of the likely AI-gene
@ThreatSynop
13 Mar 2026
123 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
.@CISAgov added a critical @n8n_io RCE flaw (CVE-2025-68613) to its KEV list, citing active exploitation risks. Federal agencies must patch within two weeks to prevent potential full system compromise. #cybersecurity #infosec #ITsecurity #CISO https://t.co/pJPG4tgy9f
@SCMagazine
13 Mar 2026
504 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA added n8n RCE CVE-2025-68613 to KEV (active exploitation). Reports say 24,700+ unpatched instances still exposed. Patch ASAP (fixed in 1.120.4 / 1.121.1 / 1.122.0) + restrict access until updated. https://t.co/sMDNWiBU6i #CyberSecurity #CISA #n8n #RCE #Vulert
@vulert_official
13 Mar 2026
113 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warning: critical vulnerability in n8n being exploited now CVE-2025-68613 CVSS score 9.9 Remote code execution without authentication 24,700+ instances exposed on the internet The fix: update to version v1.122.0 If you use n8n
@Najla_2026
13 Mar 2026
24 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-20127 2 - CVE-2023-43010 3 - CVE-2026-21385 4 - CVE-2025-68613 5 - CVE-2026-25185 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Mar 2026
243 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA has added a critical vulnerability, CVE-2025-68613 (CVSS 9.9), affecting n8n to its Known Exploited Vulnerabilities catalog due to active exploitation. https://t.co/GVwmc9k4gR
@securityRSS
13 Mar 2026
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68613 in #n8n is a textbook expression injection. When automation platforms evaluate user-controlled strings in expressions like $json or $node without sanitization, you get RCE vectors. If you self-host n8n: patch immediately and audit any node processing external
@AiHeus89208
13 Mar 2026
113 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows authenticated attackers exploiting CVE-2025-68613 to achieve full n8n system compromise through workflow expression manipulation. Post-compromise lateral movement across network infrastructure demonstrates how single application vulnerabilities can expand into
@aviatrixtrc
13 Mar 2026
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds critical n8n vulnerability (CVE-2025-68613) to KEV catalog amid active exploitation. Over 24,700 instances remain unpatched. Update now to secure your systems. Link: https://t.co/29Jvorjyy8 #Security #Vulnerability #CISA #Update #Patch #Exploit #Critical #Systems #Cyber
@dailytechonx
12 Mar 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68613 / CVE-2026-27577 / CVE-2026-27493 ⚠️ n8n Workflow Automation – Actively Exploited RCE (CISA KEV) CISA has added CVE-2025-68613 (CVSS 10.0) to its KEV catalogue following evidence of active exploitation impacting n8n. The flaw is an improper control
@modat_magnify
12 Mar 2026
243 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Today CVE: CVE-2025-68613 KEV updates are essentially a map of real-world exploitation. Another workflow automation platform. Another expression evaluation system that trusts user input too much.
@EdgeDetectOps
12 Mar 2026
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
CISA has added a critical vulnerability, CVE-2025-68613 (CVSS 9.9), affecting n8n to its Known Exploited Vulnerabilities catalog due to active exploitation. https://t.co/GVwmc9k4gR
@securityRSS
12 Mar 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68613 (CVSS 9.9) in n8n is on CISA's KEV with confirmed active exploitation. Authenticated RCE via expression injection, 103,000+ instances still exposed. If you run n8n, upgrade to v1.122.0 now. https://t.co/wgHtFqY1fF
@CybrPulse
12 Mar 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔎 Trending CVE Active exploitation of the remote code execution vulnerability has been observed for CVE-2025-68613 in the workflow automation platform n8n. Security updates are available. https://t.co/LtyhAZk2Jd #cve #n8n #cybersecurity https://t.co/XoayauqDbC
@VulnDex
12 Mar 2026
95 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical n8n vulnerability (CVE-2025-68613) requires urgent update https://t.co/aqZmIjVRqM
@SempreUpdate
12 Mar 2026
112 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Vulnerability CVE-2025-68613 in n8n allows remote code execution due to improper control of dynamic resources. Apply the fixes per vendor instructions or discontinue use of the product. Action required by 25/03/2026. #CyberSecurity #In
@fernandokarl
12 Mar 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68613 in n8n: known since January, now actively exploited. CISA warning is out. At the end of January, ~8,000 vulnerable systems in Europe were still online. Anyone who runs automation tools and doesn't patch will eventually be automating for someone else. https://t.co/7KNkloA59U
@NolteIT
12 Mar 2026
119 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds n8n RCE vulnerability CVE-2025-68613 to Known Exploited Vulnerabilities catalog amid active attacks. Over 24,700 unpatched instances remain online despite December 2025 patches. #RemoteCodeExec #n8nBug #USA https://t.co/jDtq8ra7iE
@TweetThreatNews
12 Mar 2026
175 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA is now reporting that CVE-2025-68613 is actively being exploited in the wild. Scan your infrastructure to see if you’re vulnerable: https://t.co/1BcYyHbjM7
@rxerium
12 Mar 2026
4072 Impressions
8 Retweets
29 Likes
25 Bookmarks
1 Reply
1 Quote
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*",
            "matchCriteriaId": "C9961CCA-C266-4997-AA60-A32EFD3BAFF9",
            "versionEndExcluding": "1.120.4",
            "versionStartIncluding": "0.211.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:n8n:n8n:1.121.0:*:*:*:*:node.js:*:*",
            "matchCriteriaId": "9FD26170-639E-4E8E-9AF2-5966FD81B4D3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]