CVE-2025-68613

Published Dec 19, 2025

Last updated 22 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-68613 is a Remote Code Execution (RCE) vulnerability found in n8n, an open-source workflow automation platform. The vulnerability exists in versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. It stems from the workflow expression evaluation system, where expressions supplied by authenticated users during workflow configuration might be evaluated in an execution context lacking sufficient isolation from the underlying runtime. An authenticated attacker could exploit this vulnerability to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. The issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0.

Description
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
Source: security-advisories@github.com
NVD status: Analyzed
Products: n8n

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security-advisories@github.com: CWE-913

Social media

Hype score
Not currently trending
  1. I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/VZPvsjy0f2 #tryhackme via @tryhackme

    @__payload__

    23 Jan 2026

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Day 1 - CVE-2025-68613 (Critical RCE) A flaw in n8n allowed authenticated users to escape expression evaluation and run system commands. Patch to 1.120.4+ ASAP. #CyberCIAForge #CVE #n8n #Infosec #CyberSecurity https://t.co/nADaZG1Pgl

    @Cyberciaforge

    13 Jan 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. I just completed n8n: CVE-2025-68613 room on TryHackMe! Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/3KEnkCD0pv #tryhackme via @tryhackme

    @acupunc28094787

    12 Jan 2026

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. RCE Chain in n8n: From Zero-Access to Root (CVE-2026-21858 + CVE-2025-68613) #ciberseguridad #hacking https://t.co/OnISVZ3vPm

    @FredyBahenaM

    11 Jan 2026

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. 🔐 Completed n8n: CVE-2025-68613 on @tryhackme Explored how attackers exploited CVE-2025-68613 in n8n for RCE and why logic flaws in automation platforms have a large blast radius. #tryhackme #CyberSecurityAwareness #CVE2025 #n8n #infosec https://t.co/sF337i5J8h

    @Y0ungerSib1ing

    11 Jan 2026

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain https://t.co/HLIqfT3D4I #exploit #exploitation #cve #cybersecurity #informationsecurity #ai https://t.co/YtBwvCMR9R

    @blackstormsecbr

    10 Jan 2026

    144 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit Unauthenticated to Root RCE: - LFI via Content-Type confusion - Read /proc/self/environ to find HOME - Steal encryption key + database - Forge admin JWT token - Expression injection sandbox bypass - RCE as root ht

    @HackingTeam777

    9 Jan 2026

    10183 Impressions

    45 Retweets

    218 Likes

    97 Bookmarks

    5 Replies

    2 Quotes

  8. It's a great start to the year for FrenchTech with: 💥 Vulns CVE-2026-21858 and CVE-2025-68613 in n8n by @Chocapikk 💥 Livewire vuln CVE-2025-54068* by @_Worty and @_remsio_ Well done to you 🎉 and happy new year 2026 😄 *come on.... late 2025 is almost early 2026 😅

    @mynameisv_

    9 Jan 2026

    424 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

  9. CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit Unauthenticated to Root RCE: - LFI via Content-Type confusion - Read /proc/self/environ to find HOME - Steal encryption key + database - Forge admin JWT token - Expression injection sandbox bypass - RCE as root ht

    @Hackervidya

    8 Jan 2026

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2026-21858 + CVE-2025-68613: n8n Ni8mare - Full Chain Exploit Unauthenticated to Root RCE: - LFI via Content-Type confusion - Read /proc/self/environ to find HOME - Steal encryption key + database - Forge admin JWT token - Expression injection sandbox bypass - RCE as root ht

    @Chocapikk_

    7 Jan 2026

    36101 Impressions

    146 Retweets

    596 Likes

    318 Bookmarks

    8 Replies

    8 Quotes

  11. CVE-2025-68613: The 9.9 Critical Flaw Turning n8n Workflows into Silent Backdoors Read the full report on - https://t.co/hYF7GA0Ayo https://t.co/XjpHR0jQJa

    @Iambivash007

    6 Jan 2026

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Critical Vulnerability Alert: CVE-2025-68613 A severe Remote Code Execution vulnerability (CVSS 9.9) has been discovered in the n8n workflow automation tool, enabling authenticated attackers to run arbitrary code with full process privileges on affected systems. Over 100,000

    @XavSecOps

    5 Jan 2026

    73 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Critical n8n RCE vulnerability (CVE-2025-68613) puts automation instances at risk. Authenticated attackers can gain full code execution. Patch now. 🔗 https://t.co/BFLLDrD3ib #CyberSecurity #CVE2025 #AutomationSecurity

    @Anavem_

    5 Jan 2026

    5 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Critical Vulnerability Alert A critical Remote Code Execution flaw (CVE-2025-68613, CVSS 9.9) in the n8n workflow automation platform could allow authenticated attackers to execute arbitrary code with full process privileges on vulnerable instances. Over 100,000 exposed

    @Anavem_

    5 Jan 2026

    294 Impressions

    2 Retweets

    5 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/WIKeWRsOYT #tryhackme via @tryhackme

    @mika_sec

    5 Jan 2026

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🔎 RCE vulnerability in the #n8n workflow automation platform (CVE-2025-68613) A critical remote code execution (RCE) vulnerability has been disclosed in n8n, an open-source automation platform. This vulnerab

    @CriminalIP_JP

    5 Jan 2026

    167 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

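  17. Serious n8n vulnerability CVE-2025-68613 fixed: concerns over RCE attacks and supply-chain impact https://t.co/a4ILZb801x The cause of this issue is in the mechanism by which n8n evaluates the expressions that perform calculations and processing within a workflow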

    @iototsecnews

    5 Jan 2026

    174 Impressions

    3 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Meet 'NEO'—our AI assistant in development that auto-detects & analyzes vulnerabilities. It successfully reproduced CVE-2025-68613 (n8n Remote Code Execution). Want the full report? Follow & DM @CiciWu41 for details. #n8n #DimZero https://t.co/Qu90gFb3LJ

    @CiciWu41

    5 Jan 2026

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

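  19. ⚠ If you use n8n, please read this ⚠ You could be in trouble if you don't check your version right now! [What's happening?] A serious vulnerability in n8n has been disclosed. Severity is 9.9 out of 10 (CVSS 9.9) CVE-2025-68613 [Official explanation] Workf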

    @xYuria_16

    4 Jan 2026

    144 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🔥 CRITICAL n8n REMOTE CODE EXECUTION 🔥 A new RCE vulnerability (CVE-2025-68613) in n8n lets attackers run arbitrary code on exposed workflows. If you use n8n in automation, you must see this before you get compromised. 😱 Fixes, impact, and exploit details here 👇

    @thecybersecguru

    4 Jan 2026

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Meet 'NEO'—our AI assistant in development that auto-detects & analyzes vulnerabilities. It successfully reproduced CVE-2025-68613 (n8n Remote Code Execution). #n8n #DimZero https://t.co/nBeHUFBoTd

    @CiciWu41

    4 Jan 2026

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. n8n CVE-2025-68613: Expression Injection Enables Arbitrary Code Execution on 103,476 Workflow Automation Instances - https://t.co/puBKTjSsXp

    @Cyberwarzonecom

    3 Jan 2026

    95 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. 📢 n8n: CVE-2025-68613 (room walkthrough) #forensics #incidentresponse #cybersecurity #dfir #threatintelligence #tryhackme 📽️https://t.co/xP6ZVj6yd8

    @k0st8

    3 Jan 2026

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. #ばばさん通信ダイジェスト Sharing things that became, or look likely to become, a talking point, whether for or against. NVD - CVE-2025-68613 https://t.co/jFBxvknOvu

    @netmarkjp

    3 Jan 2026

    277 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2025-68613: n8n RCE Vulnerability Exploit/PoC: https://t.co/TSchvpTwfF n8n has a critical security flaw that lets authenticated users execute arbitrary code through its workflow expression system. When users configure workflows, the expressions they provide can sometimes be

    @DarkWebInformer

    2 Jan 2026

    47116 Impressions

    83 Retweets

    631 Likes

    367 Bookmarks

    9 Replies

    8 Quotes

  26. I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/eWp2XIiC3L #tryhackme via @tryhackme

    @thatsparthbhatt

    2 Jan 2026

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. ⚙️ n8n RCE Vulnerability and the Hidden Risk of Automation Platforms CVE-2025-68613 (CVSS 9.9) affects n8n, a widely used workflow automation platform. 🔍 Key takeaway The real risk is not just the vulnerability itself, but internet-exposed n8n instances ac

    @CriminalIP_US

    2 Jan 2026

    123 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

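  28. 🔎 n8n workflow automation platform RCE vulnerability (CVE-2025-68613) A critical remote code execution (RCE) vulnerability has been disclosed in the open-source automation platform n8n. It is rated CVSS 9.9 (Critical), and insufficient isolation in expression handling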

    @CriminalIP_KR

    2 Jan 2026

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/tryZX9itKT #tryhackme via @tryhackme

    @loneliestwolf3

    1 Jan 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 n8n [—] Jan 01, 2026 Comprehensive security advisory on critical vulnerabilities, including CVE-2025-68613 and CVE-2025-68668, impacting the n8n workflow automation platform. Aimed at informing enterprise operators, administrators, and integrators about risks, impacts, and

    @transilienceai

    1 Jan 2026

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/Ts1aVwzDet #tryhackme via @tryhackme

    @Th3_Jackal_

    31 Dec 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. This one’s worth a quick pause. A newly disclosed issue (CVE-2025-68613) exposes a critical remote code execution vulnerability in n8n—and yeah, it’s as bad as it sounds. Under certain conditions, an authenticated user could run arbitrary code on the underlying system.

    @aren_redd

    31 Dec 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨 n8n [—] Dec 31, 2025 Comprehensive product security advisory: Critical remote code execution vulnerability (CVE-2025-68613) in n8n workflow automation platform exposes sensitive data, system integrity, and operational availability. Checkout our Threat Intelligence Platform

    @transilienceai

    31 Dec 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/1qIVO9hyqQ #tryhackme via @tryhackme

    @genius_157

    30 Dec 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. n8n: CVE-2025-68613 (payload breakdown) . . #securitybreach #BugBounty #Tips #upgrade https://t.co/lKg8zk544e

    @insecrez

    30 Dec 2025

    1437 Impressions

    1 Retweet

    22 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  36. n8n workflow automation platform is affected by CVE-2025-68613, a critical RCE in expression evaluation that can lead to full system compromise. Update to n8n 1.120.4, 1.121.1, or 1.122.0 now. Read more: https://t.co/YyM3C8LJX2 #Vulnerability #Cybersecurity https://t.co/KxDwLQ

    @wazuh

    30 Dec 2025

    601 Impressions

    6 Retweets

    13 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  37. Ready to tackle a legendary 9.9 critical RCE? 🚨 Just added to Hackviser Labs: A hands-on lab for n8n Remote Code Execution (CVE-2025-68613) 🔥 This critical vulnerability just dropped, and we’ve already got the environment ready for you to explore! Perfect for security

    @hackviserr

    30 Dec 2025

    1521 Impressions

    6 Retweets

    36 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  38. Meet 'NEO'—our AI assistant in development that auto-detects & analyzes vulnerabilities. It successfully reproduced CVE-2025-68613 (n8n Remote Code Execution). Want the full report? Follow & DM @DimZer0 for details. #n8n #DimZero https://t.co/w0mzAxF1GM

    @DimZer0

    30 Dec 2025

    380 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    2 Quotes

  39. I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/qHDP2rnOX7 #tryhackme via @tryhackme

    @IsraelAdeb68181

    29 Dec 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. I did "n8n: CVE-2025-68613" for my 799th @tryhackme room! https://t.co/w6Bnc78krD

    @NapaCorruption

    28 Dec 2025

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. #Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (December 20-27, 2025) 1⃣. CVE-2025-68613: n8n RCE - https://t.co/XPiidLgqCb // Affected versions: 0.211.0 - 1.120.3, 1.121.0. Upgrade to n8n v1.122.0 or later. 2⃣. Cyberattacks

    @ksg93rd

    28 Dec 2025

    2884 Impressions

    10 Retweets

    46 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

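  42. All n8n users, look at this right now! An urgent vulnerability (CVE-2025-68613) is out and updating is mandatory!! Leaving it alone risks a takeover. But updating without preparation is even more dangerous. In the 2.x series the OS command node disappears, and all automation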

    @nishihiko117

    28 Dec 2025

    64 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  43. 📢 Hot off the press: CVE insights! Remote attackers exploit n8n’s expression engine to hijack servers. Learn how CVE-2025-68613 risks your workflows-and how to stop it fast. 👉 Dive into the full a

    @PurpleOps_io

    27 Dec 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Completed n8n: CVE-2025-68613 ✔️ Abusing exposed workflows → JS injection → command execution ⚡ Hands-on learning hits different. #TryHackMe #n8n #CVE #WebSecurity #BugBounty #CyberSecurity https://t.co/XqqZ0QLqsl

    @pal97530

    26 Dec 2025

    61 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🚨 New plugin: N8nPlugin (CVE-2025-68613, CVE-2025-65964, CVE-2025-62726). n8n Workflow Automation multiple vulnerabilities detection. Results: https://t.co/GvJen2HstB https://t.co/rDYWed4haO

    @leak_ix

    26 Dec 2025

    2109 Impressions

    4 Retweets

    14 Likes

    7 Bookmarks

    1 Reply

    0 Quotes

  46. I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/ZrhXoXcefA #tryhackme via @tryhackme

    @Madushanxj

    26 Dec 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

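  47. Honestly, it sent a chill down my spine. If you use n8n, please check just this one thing right now. If even one person can log in, your server "gets completely taken over." A vulnerability that sounds like a joke (CVE-2025-68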

    @uday_dx

    25 Dec 2025

    139 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  48. Day 25/60 – GRC/SOC journey I just completed n8n: CVE-2025-68613 room on TryHackMe. Learn how adversaries can exploit the CVE-2025-68613 vulnerability in n8n. https://t.co/V3tNNLalEZ #tryhackme via @tryhackme

    @Cybytez

    25 Dec 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🚨 PoC released for CVE-2025-68613 (CVSS 9.9) – Authenticated RCE in n8n via expression injection! Repo: https://t.co/6216bLgI1w #n8n #CVE202568613 #RCE #CyberSecurity #CVE

    @MBanyamer78465

    25 Dec 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. A critical remote code execution flaw (CVE-2025-68613, CVSS 9.9) affects n8n versions before Dec 2025 patches. Over 400 instances exposed online in Italy. Updates released in versions 1.120.4, 1.121.1, 1.122.0. #n8n #RemoteCodeExec #Italy https://t.co/8P0aBynlV5

    @TweetThreatNews

    25 Dec 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations