Key Takeaway
CVE-2025-68613 is a remote code execution vulnerability in n8n's workflow expression evaluation system caused by insufficient sandboxing of dynamically executed code. Any authenticated user with workflow creation or modification privileges can inject and execute arbitrary code on the n8n host at the application's runtime privilege level. CISA has added this vulnerability to the Known Exploited Vulnerabilities catalog with a federal agency patch deadline of March 25, 2026.
CVE-2025-68613: n8n Workflow Expression Evaluator Allows Remote Code Execution
CVE ID: CVE-2025-68613 Vendor: n8n Product: n8n (workflow automation platform) Vulnerability Type: Improper Control of Dynamically-Managed Code Resources (CWE-913) Attack Vector: Network (authenticated) CISA KEV Patch Deadline: 2026-03-25
Vulnerability Overview
CVE-2025-68613 affects n8n's workflow expression evaluation system. The flaw stems from insufficient sandboxing of dynamically executed code within workflow expressions. When n8n evaluates expressions embedded in workflow nodes, it fails to properly restrict the execution context, allowing injected code to run with the full privileges of the application runtime.
Any user with permissions to create or modify workflows can exploit this vulnerability to achieve remote code execution (RCE) on the underlying n8n host. The attack does not require elevated platform privileges beyond basic workflow access — a standard user account with workflow editing rights is sufficient.
Technical Details
n8n supports dynamic expressions inside workflow node configurations, typically written in JavaScript-based syntax and evaluated server-side at runtime. The expression evaluator does not enforce adequate isolation between the expression execution context and the host environment.
An attacker crafts a malicious expression inside a workflow node — such as a Set, Function, or HTTP Request node — that breaks out of the intended evaluation scope. Once the workflow executes, the injected payload runs on the server with the OS-level privileges of the n8n process. Depending on deployment configuration, this can mean root or service-account-level access.
The vulnerability is classified under CWE-913 (Improper Control of Dynamically-Managed Code Resources), a category that covers cases where an application dynamically generates or evaluates code without enforcing appropriate boundaries between untrusted input and the execution environment.
Real-World Impact
n8n is widely deployed as a self-hosted workflow automation tool, commonly integrated with databases, cloud APIs, internal services, and credential stores. Organizations use it to connect sensitive systems including CRMs, SIEMs, cloud storage buckets, and identity providers.
Successful exploitation gives an attacker code execution on the n8n host at the application's privilege level. From that position, an attacker can:
- Extract credentials and API tokens stored within n8n workflows or environment variables
- Pivot laterally to connected internal services reachable from the n8n host
- Exfiltrate data processed by active workflows
- Deploy persistent backdoors or malware on the host
- Tamper with existing workflows to intercept or manipulate automated business processes
Because n8n instances are frequently granted broad access to internal infrastructure through stored credentials and integrations, the blast radius of a successful exploit extends well beyond the n8n application itself.
CISA has added CVE-2025-68613 to the Known Exploited Vulnerabilities (KEV) catalog and mandates that federal agencies remediate by March 25, 2026. This designation indicates confirmed exploitation activity, though specific threat actor attribution has not been publicly released at the time of this advisory.
Affected Versions
All n8n deployments running versions with the vulnerable expression evaluation system are affected. Administrators should consult the official n8n release notes and security advisories to identify the specific version range and confirm whether a patched release is available for their deployment track.
Patching and Mitigation Guidance
1. Upgrade immediately. Apply the patched n8n version as soon as it becomes available from the vendor. Monitor the n8n GitHub releases page and official security advisories for patch availability.
2. Restrict workflow creation and modification permissions. Limit workflow edit access exclusively to trusted administrators. Remove workflow creation and modification rights from standard or untrusted user accounts until the patch is applied. Review existing role assignments across all n8n instances.
3. Audit existing workflow definitions. Inspect all workflow expressions for suspicious or unexpected code patterns. Pay particular attention to Function nodes and any node type that accepts free-form expression input. Flag workflows created or modified by non-administrative accounts for immediate review.
4. Isolate n8n instances from sensitive network segments. Place n8n hosts behind network controls that restrict outbound access to only required endpoints. Remove standing access to sensitive internal systems and credential stores where operationally feasible until the patch is deployed.
5. Rotate credentials exposed to n8n. Treat all API keys, tokens, and passwords stored within n8n workflows or accessible via the n8n environment as potentially compromised. Rotate and reissue these credentials, particularly for high-value integrations such as cloud providers, identity platforms, and databases.
6. Review host-level access logs. Examine OS-level process execution logs, network connection logs, and n8n application logs for signs of anomalous activity consistent with expression injection, such as unexpected outbound connections or process spawning from the n8n service account.
7. Federal agencies must comply with the CISA KEV remediation deadline of March 25, 2026 under Binding Operational Directive 22-01.
Original Source
CISA KEV
Related Articles
CVE Pending: Critical Vulnerability in Anthropic's Claude Code Discovered Days After Source Code Leak
Adversa AI discovered a critical vulnerability in Anthropic's Claude Code agentic coding assistant within days of Anthropic accidentally leaking the product's source code. Claude Code operates with elevated system privileges in developer environments, making exploitation potentially severe — including credential theft, CI/CD pipeline manipulation, and lateral movement. Organizations should audit deployments, rotate credentials, and apply patches immediately once Anthropic releases a fix.
CVE-2024-6387: OpenSSH regreSSHion RCE Flaw Exposes Millions of Linux Servers to Unauthenticated Root Access
CVE-2024-6387 (regreSSHion) is a signal handler race condition in OpenSSH sshd versions 8.5p1 through 9.7p1 that allows unauthenticated remote code execution as root. Discovered by Qualys, the flaw affects an estimated 700,000 publicly exposed servers. Administrators should upgrade to OpenSSH 9.8p1 immediately or set LoginGraceTime 0 as a temporary workaround.
Apple Expands DarkSword Exploit Kit Mitigations Across Device Fleet After State-Sponsored and Spyware Vendor Abuse
Apple has expanded mitigations against the DarkSword exploit kit to additional devices after the toolkit was used in operations by state-sponsored threat groups and commercial spyware vendors. The expansion follows Apple's standard model of phased protection rollouts across its device ecosystem. All Apple device owners should apply the latest OS updates immediately, and high-risk individuals should enable Lockdown Mode.
CVE-2026-20093: Critical Cisco IMC Authentication Bypass Carries CVSS 9.8
Cisco has patched CVE-2026-20093, a critical authentication bypass vulnerability in the Cisco Integrated Management Controller (IMC) with a CVSS score of 9.8. An unauthenticated remote attacker can exploit the flaw to bypass authentication and gain elevated privileges over affected hardware management interfaces. Administrators should apply Cisco's patch immediately and restrict IMC network access to isolated management VLANs.