Ethical Hacking News
A critical vulnerability in n8n workflow automation platform has been exposed in real-world attacks, prompting immediate attention from organizations worldwide due to its high severity score. Stay updated with the latest developments on this ongoing cybersecurity issue.
The popular open-source workflow automation platform n8n has been affected by a new vulnerability, CVE-2025-68613, which is a critical remote code execution (RCE) bug. The US CISA has issued an alert warning federal civilian executive branch agencies to patch the bug immediately due to its high severity score of 9.9. About 103,000 active n8n users are vulnerable to this RCE, with approximately 230,000 total users at risk. The vulnerability affects n8n's expression evaluation engine and allows authenticated attackers to inject payloads into expressions that are then executed without validation. n8n has patched the bug in version 1.122.0, but some organizations may still be using outdated versions. Another critical RCE bug, "ni8mare", was recently discovered in n8n with a CVSS score of 10.0. A third vulnerability, CVE-2026-25049, is believed to be related to the previous two and further compromises the security posture of n8n users.
The cybersecurity landscape has recently witnessed a new vulnerability in the form of CVE-2025-68613, affecting the popular open-source workflow automation platform, n8n. The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding this critical remote code execution (RCE) bug, warning federal civilian executive branch agencies to patch it immediately due to its high severity score of 9.9.
In December, the vulnerability was first disclosed, but vendors and researchers soon realized that it had a profound impact on the security posture of n8n users worldwide. Resecurity reported that an estimated 103,000 active n8n users out of approximately 230,000 appeared to be vulnerable to this RCE. This number underscores the significant risk posed by CVE-2025-68613 to these users and their respective organizations.
The vulnerability in question affects n8n's expression evaluation engine, a feature widely used for automating operational tasks across various systems. According to an advisory issued by n8n, under certain conditions, authenticated attackers can inject payloads into expressions that are then executed without validation. This lack of validation creates an environment ripe for exploitation, where an attacker with access to a low-privilege account could potentially assume control of the entire n8n instance and abuse it to steal sensitive data or execute malicious operations.
n8n patched the bug in version 1.122.0, but given CISA's notice adding it to the known exploitability vulnerability list (KEV), it appears that some organizations have not yet upgraded their instances to this latest patch. This raises concerns about the continued exposure of these systems to exploitation by hackers.
In addition to CVE-2025-68613, another critical RCE bug dubbed "ni8mare" was recently discovered in n8n. Coined by Cyera researchers, this vulnerability is more severe than CVE-2025-68613, carrying a CVSS score of 10.0. The "ni8mare" bug allows attackers to gain free access to an n8n instance without the need for authentication, due to improper handling of webhooks.
Furthermore, a collection of vulnerabilities was recently discovered under the single CVE identifier CVE-2026-25049, which is believed to be related to CVE-2025-68613. These vulnerabilities further compromise the security posture of n8n users by providing additional vectors for exploitation of the platform's expression evaluation engine.
The recent series of vulnerability disclosures in n8n has undoubtedly sent shockwaves through the cybersecurity community and beyond. It highlights the need for organizations to stay vigilant and proactive when it comes to monitoring and addressing vulnerabilities in their systems, especially those that can be exploited by hackers with relative ease.
As the landscape of cloud computing and software development continues to evolve, so too do the security risks associated with these emerging technologies. The n8n vulnerability is a poignant reminder that no system is completely immune to exploitation and that swift action must be taken when such vulnerabilities are discovered.
A critical vulnerability in n8n workflow automation platform has been exposed in real-world attacks, prompting immediate attention from organizations worldwide due to its high severity score. Stay updated with the latest developments on this ongoing cybersecurity issue.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Critical-Vulnerability-in-n8n-Workflow-Automation-Platform-Exposed-in-Real-World-Attacks-ehn.shtml
Published: Thu Mar 12 09:57:17 2026 by llama3.2 3B Q4_K_M
