Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-b5ba-g4u9-jkgx
Vulnerability ID VCID-b5ba-g4u9-jkgx
Aliases CVE-2025-68613
GHSA-v98v-ff95-f3cp
Summary n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-913 Improper Control of Dynamically-Managed Code Resources
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.68312 https://api.first.org/data/v1/epss?cve=CVE-2025-68613
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-v98v-ff95-f3cp
cvssv3.1 9.9 https://github.com/n8n-io/n8n
generic_textual CRITICAL https://github.com/n8n-io/n8n
cvssv3.1 10 https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
cvssv3.1 9.9 https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
generic_textual CRITICAL https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
ssvc Attend https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
cvssv3.1 10 https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
cvssv3.1 9.9 https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
generic_textual CRITICAL https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
ssvc Attend https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
cvssv3.1 10 https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
cvssv3.1 9.9 https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
generic_textual CRITICAL https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
ssvc Attend https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
cvssv3.1 10 https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
cvssv3.1 9.9 https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
cvssv3.1_qr CRITICAL https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
generic_textual CRITICAL https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
ssvc Attend https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
cvssv3.1 9.9 https://nvd.nist.gov/vuln/detail/CVE-2025-68613
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2025-68613
cvssv3.1 9.9 https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform
generic_textual CRITICAL https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform
cvssv3.1 9.9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68613
generic_textual CRITICAL https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68613
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2025-68613
https://github.com/n8n-io/n8n
https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68613
08f332015153decdda3c37ad4fcb9f7ba13a7c79 https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
1c933358acef527ff61466e53268b41a04be1000 https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
39a2d1d60edde89674ca96dcbb3eb076ffff6316 https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
CVE-2025-68613 https://nvd.nist.gov/vuln/detail/CVE-2025-68613
GHSA-v98v-ff95-f3cp https://github.com/advisories/GHSA-v98v-ff95-f3cp
GHSA-v98v-ff95-f3cp https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
Data source Metasploit
Description This module exploits a critical remote code execution vulnerability (CVE-2025-68613) in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in {{ }} are evaluated in an execution context that is not sufficiently isolated from the underlying Node.js runtime. An authenticated attacker can create a workflow containing malicious expressions that access the Node.js process object via this.process.mainModule.require (or via the constructor) to load child_process and execute arbitrary system commands. This module uses a Schedule Trigger node to automatically fire and evaluate the malicious payload. This requires valid credentials to create workflows. Successful exploitation may lead to full compromise of the n8n instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. Affected versions: >= 0.211.0 and < 1.120.4, < 1.121.1, < 1.122.0
Note 
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
  - artifacts-on-disk
Ransomware campaign use Unknown
Source publication date June 10, 2025
Platform Linux,Unix,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/n8n_workflow_expression_rce.rb
Data source KEV
Date added March 11, 2026
Description n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.
Required action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date March 25, 2026
Note 
https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-03-11T17:39:59Z/ Found at https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-03-11T17:39:59Z/ Found at https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-03-11T17:39:59Z/ Found at https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-03-11T17:39:59Z/ Found at https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-68613
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68613
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.98626
EPSS Score 0.68312
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T16:59:03.751198+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2025/68xxx/CVE-2025-68613.json 38.6.0