AI description
CVE-2025-68613 is a Remote Code Execution (RCE) vulnerability found in n8n, an open-source workflow automation platform. The vulnerability exists in versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. It stems from the workflow expression evaluation system, where expressions supplied by authenticated users during workflow configuration might be evaluated in an execution context lacking sufficient isolation from the underlying runtime. An authenticated attacker could exploit this vulnerability to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. The issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0.
- Description
- n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- n8n
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-913
- Hype score
- Not currently trending
CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit Unauthenticated to Root RCE: - LFI via Content-Type confusion Read /proc/self/environ to find HOME - Steal encryption key + database - Forge admin JWT token - Expression injection sandbox bypass RCE as root ht
@Danodi_j6
6 Feb 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical n8n Vulnerabilities: CVE-2025-68613 and CVE-2026-25049 Analysis https://t.co/dnlA8vkg4J #CyberSecurity #Vulnerability
@LandscapeThreat
5 Feb 2026
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
n8n’s CVE-2026-25049 lets an authenticated user craft workflow expressions that break the sandbox and run arbitrary OS commands - a critical 9.4 RCE that bypasses the prior CVE-2025-68613 fix. Upgrade to 1.123.17/2.5.2 or isolate the service now. https://t.co/gIJiGLFkC4 #infose
@CyberDaily_News
5 Feb 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaw in n8n CVE-2026-25049: critical vulnerability bypassing a previous fix (CVE-2025-68613). Code execution possible via workflow or public webhook. If you use n8n, update immediately. https://t.co/5kCmR1zRB4 #security #cve #n
@foudreclair
5 Feb 2026
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 A new critical vulnerability has been announced in the n8n workflow automation platform, CVE-2026-25049, which may allow system commands to be executed via malicious workflows. With a CVSS score of 9.4, it stems from a failure to sanitize input
@Cybercachear
5 Feb 2026
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I recently discovered two new RCE vulnerabilities in n8n. One is a bypass for my previous finding (CVE-2025-68613), and the other is a fresh Command Injection in the Git Node. 1. The Sandbox Escape (CVE-2026-25049) I managed to bypass the fix for my original report
@fatihclk01
4 Feb 2026
13911 Impressions
30 Retweets
166 Likes
65 Bookmarks
7 Replies
3 Quotes
n8n CVE-2025-68613 RCE Exploitation: A Detailed Guide @SecureLayer7 https://t.co/m7goEscwY9
@pentest_swissky
31 Jan 2026
2136 Impressions
5 Retweets
28 Likes
12 Bookmarks
0 Replies
0 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe! Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/yBIdiv3lGo #tryhackme via @tryhackme
@mrBr4un
30 Jan 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IMPORTANT: Upgrade your self hosted n8n! All supported versions prior to 2.0.0 are affected. CVE-2025-68613 https://t.co/v5KUleCXlR CVE-2025-68668 https://t.co/PW7rPZkWK6 CVE-2026-21858 https://t.co/GK2twlNwnR CVE-2026-21877 https://t.co/DLDO9vYlfa
@igz4rd
28 Jan 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/7s4Nhsy10k #tryhackme via @tryhackme
@aySahinay
27 Jan 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
n8n: CVE-2025-68613 https://t.co/irqBFgZ8gC
@_shadowintel_
27 Jan 2026
1044 Impressions
0 Retweets
6 Likes
2 Bookmarks
0 Replies
0 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/VZPvsjy0f2 #tryhackme via @tryhackme
@offsec97
23 Jan 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 1 - CVE-2025-68613 (Critical RCE) A flaw in n8n allowed authenticated users to escape expression evaluation and run system commands. Patch to 1.120.4+ ASAP. #CyberCIAForge #CVE #n8n #Infosec #CyberSecurity https://t.co/nADaZG1Pgl
@Cyberciaforge
13 Jan 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe! Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/3KEnkCD0pv #tryhackme via @tryhackme
@acupunc28094787
12 Jan 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RCE Chain in n8n: From Zero-Access to Root (CVE-2026-21858 + CVE-2025-68613) #ciberseguridad #hacking https://t.co/OnISVZ3vPm
@FredyBahenaM
11 Jan 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔐 Completed n8n: CVE-2025-68613 on @tryhackme Explored how attackers exploited CVE-2025-68613 in n8n for RCE and why logic flaws in automation platforms have a large blast radius. #tryhackme #CyberSecurityAwareness #CVE2025 #n8n #infosec https://t.co/sF337i5J8h
@Y0ungerSib1ing
11 Jan 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain https://t.co/HLIqfT3D4I #exploit #exploitation #cve #cybersecurity #informationsecurity #ai https://t.co/YtBwvCMR9R
@blackstormsecbr
10 Jan 2026
144 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit Unauthenticated to Root RCE: - LFI via Content-Type confusion - Read /proc/self/environ to find HOME - Steal encryption key + database - Forge admin JWT token - Expression injection sandbox bypass - RCE as root ht
@HackingTeam777
9 Jan 2026
10183 Impressions
45 Retweets
218 Likes
97 Bookmarks
5 Replies
2 Quotes
It's a great start to the year for FrenchTech with: 💥 Vulns CVE-2026-21858 and CVE-2025-68613 n8n by @Chocapikk 💥 Vuln Livewire CVE-2025-54068* by @_Worty and @_remsio_ Congrats to you 🎉 and happy new year 2026 😄 *come on.... late 2025 is almost early 2026 😅
@mynameisv_
9 Jan 2026
424 Impressions
0 Retweets
6 Likes
0 Bookmarks
4 Replies
0 Quotes
CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit Unauthenticated to Root RCE: - LFI via Content-Type confusion - Read /proc/self/environ to find HOME - Steal encryption key + database - Forge admin JWT token - Expression injection sandbox bypass - RCE as root ht
@Hackervidya
8 Jan 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit Unauthenticated to Root RCE: - LFI via Content-Type confusion - Read /proc/self/environ to find HOME - Steal encryption key + database - Forge admin JWT token - Expression injection sandbox bypass - RCE as root ht
@Chocapikk_
7 Jan 2026
36101 Impressions
146 Retweets
596 Likes
318 Bookmarks
8 Replies
8 Quotes
CVE-2025-68613: The 9.9 Critical Flaw Turning n8n Workflows into Silent Backdoors Read the full report on - https://t.co/hYF7GA0Ayo https://t.co/XjpHR0jQJa
@cyberbivash
6 Jan 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Vulnerability Alert: CVE-2025-68613 A severe Remote Code Execution vulnerability (CVSS 9.9) has been discovered in the n8n workflow automation tool, enabling authenticated attackers to run arbitrary code with full process privileges on affected systems. Over 100,000
@XavSecOps
5 Jan 2026
73 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical n8n RCE vulnerability (CVE-2025-68613) puts automation instances at risk. Authenticated attackers can gain full code execution. Patch now. 🔗 https://t.co/BFLLDrD3ib #CyberSecurity #CVE2025 #AutomationSecurity
@Anavem_
5 Jan 2026
5 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Vulnerability Alert A critical Remote Code Execution flaw (CVE-2025-68613, CVSS 9.9) in the n8n workflow automation platform could allow authenticated attackers to execute arbitrary code with full process privileges on vulnerable instances. Over 100,000 exposed
@Anavem_
5 Jan 2026
294 Impressions
2 Retweets
5 Likes
0 Bookmarks
1 Reply
0 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/WIKeWRsOYT #tryhackme via @tryhackme
@mika_sec
5 Jan 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔎 #n8n workflow automation platform RCE vulnerability (CVE-2025-68613) A critical remote code execution (RCE) vulnerability has been disclosed in n8n, an open-source automation platform. This vulnerability
@CriminalIP_JP
5 Jan 2026
167 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
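Serious n8n vulnerability CVE-2025-68613 FIXED: concerns over RCE attacks and supply chain impact https://t.co/a4ILZb801x The cause of this issue: the mechanism by which n8n evaluates the expressions that perform calculations and processing within workflows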
@iototsecnews
5 Jan 2026
174 Impressions
3 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Meet 'NEO'—our AI assistant in development that auto-detects & analyzes vulnerabilities. It successfully reproduced CVE-2025-68613 (n8n Remote Code Execution). Want the full report? Follow & DM @CiciWu41 for details. #n8n #DimZero https://t.co/Qu90gFb3LJ
@CiciWu41
5 Jan 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
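⚠ If you use n8n, please read this ⚠ You could be in trouble if you don't check your version right now! [What's happening?] A serious vulnerability in n8n has been disclosed. Severity is 9.9 out of 10 (CVSS 9.9) CVE-2025-68613 [Official explanation] Workflo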
@xYuria_16
4 Jan 2026
144 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 CRITICAL n8n REMOTE CODE EXECUTION 🔥 A new RCE vulnerability (CVE-2025-68613) in n8n lets attackers run arbitrary code on exposed workflows. If you use n8n in automation, you must see this before you get compromised. 😱 Fixes, impact, and exploit details here 👇
@thecybersecguru
4 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Meet 'NEO'—our AI assistant in development that auto-detects & analyzes vulnerabilities. It successfully reproduced CVE-2025-68613 (n8n Remote Code Execution). #n8n #DimZero https://t.co/nBeHUFBoTd
@CiciWu41
4 Jan 2026
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
n8n CVE-2025-68613: Expression Injection Enables Arbitrary Code Execution on 103,476 Workflow Automation Instances - https://t.co/puBKTjSsXp
@Cyberwarzonecom
3 Jan 2026
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📢 n8n: CVE-2025-68613 (room walkthrough) #forensics #incidentresponse #cybersecurity #dfir #threatintelligence #tryhackme 📽️https://t.co/xP6ZVj6yd8
@k0st8
3 Jan 2026
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ばばさん通信ダイジェスト Sharing things that have become, or look likely to become, talking points, regardless of whether opinion is for or against. NVD - CVE-2025-68613 https://t.co/jFBxvknOvu
@netmarkjp
3 Jan 2026
277 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68613: n8n RCE Vulnerability Exploit/PoC: https://t.co/TSchvpTwfF n8n has a critical security flaw that lets authenticated users execute arbitrary code through its workflow expression system. When users configure workflows, the expressions they provide can sometimes be
@DarkWebInformer
2 Jan 2026
47116 Impressions
83 Retweets
631 Likes
367 Bookmarks
9 Replies
8 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/eWp2XIiC3L #tryhackme via @tryhackme
@thatsparthbhatt
2 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚙️ n8n RCE Vulnerability and the Hidden Risk of Automation Platforms CVE-2025-68613 (CVSS 9.9) affects n8n, a widely used workflow automation platform. 🔍 Key takeaway The real risk is not just the vulnerability itself, but internet-exposed n8n instances ac
@CriminalIP_US
2 Jan 2026
123 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
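🔎 n8n workflow automation platform RCE vulnerability (CVE-2025-68613) A critical remote code execution (RCE) vulnerability has been disclosed in n8n, an open-source automation platform. It is rated CVSS 9.9 (Critical), and insufficient isolation in expression handling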
@CriminalIP_KR
2 Jan 2026
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/tryZX9itKT #tryhackme via @tryhackme
@loneliestwolf3
1 Jan 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 n8n [—] Jan 01, 2026 Comprehensive security advisory on critical vulnerabilities, including CVE-2025-68613 and CVE-2025-68668, impacting the n8n workflow automation platform. Aimed at informing enterprise operators, administrators, and integrators about risks, impacts, and
@transilienceai
1 Jan 2026
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/Ts1aVwzDet #tryhackme via @tryhackme
@Th3_Jackal_
31 Dec 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This one’s worth a quick pause. A newly disclosed issue (CVE-2025-68613) exposes a critical remote code execution vulnerability in n8n—and yeah, it’s as bad as it sounds. Under certain conditions, an authenticated user could run arbitrary code on the underlying system.
@aren_redd
31 Dec 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 n8n [—] Dec 31, 2025 Comprehensive product security advisory: Critical remote code execution vulnerability (CVE-2025-68613) in n8n workflow automation platform exposes sensitive data, system integrity, and operational availability. Check out our Threat Intelligence Platform
@transilienceai
31 Dec 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/1qIVO9hyqQ #tryhackme via @tryhackme
@genius_157
30 Dec 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
n8n: CVE-2025-68613 (payload breakdown) . . #securitybreach #BugBounty #Tips #upgrade https://t.co/lKg8zk544e
@insecrez
30 Dec 2025
1437 Impressions
1 Retweet
22 Likes
9 Bookmarks
0 Replies
0 Quotes
n8n workflow automation platform is affected by CVE-2025-68613, a critical RCE in expression evaluation that can lead to full system compromise. Update to n8n 1.120.4, 1.121.1, or 1.122.0 now. Read more: https://t.co/YyM3C8LJX2 #Vulnerability #Cybersecurity https://t.co/KxDwLQ
@wazuh
30 Dec 2025
601 Impressions
6 Retweets
13 Likes
1 Bookmark
0 Replies
0 Quotes
Ready to tackle a legendary 9.9 critical RCE? 🚨 Just added to Hackviser Labs: A hands-on lab for n8n Remote Code Execution (CVE-2025-68613) 🔥 This critical vulnerability just dropped, and we’ve already got the environment ready for you to explore! Perfect for security
@hackviserr
30 Dec 2025
1521 Impressions
6 Retweets
36 Likes
9 Bookmarks
0 Replies
0 Quotes
Meet 'NEO'—our AI assistant in development that auto-detects & analyzes vulnerabilities. It successfully reproduced CVE-2025-68613 (n8n Remote Code Execution). Want the full report? Follow & DM @DimZer0 for details. #n8n #DimZero https://t.co/w0mzAxF1GM
@DimZer0
30 Dec 2025
380 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
2 Quotes
I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/qHDP2rnOX7 #tryhackme via @tryhackme
@IsraelAdeb68181
29 Dec 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9961CCA-C266-4997-AA60-A32EFD3BAFF9",
            "versionEndExcluding": "1.120.4",
            "versionStartIncluding": "0.211.0"
          },
          {
            "criteria": "cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31229D05-451F-4652-A5F7-18C9460949FA",
            "versionEndExcluding": "1.121.1",
            "versionStartIncluding": "1.121.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]