Ethical Hacking News
CISA has added CVE-2025-68613, a remote code execution vulnerability in n8n, the open-source workflow automation platform widely used in AI development, to its Known Exploited Vulnerabilities (KEV) catalog after seeing it exploited in the wild. The flaw lets an authenticated attacker run arbitrary code on the server, putting the credentials and data that n8n workflows handle at risk.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an actively exploited n8n vulnerability to its KEV catalog, which under Binding Operational Directive 22-01 (BOD 22-01) requires federal civilian agencies to remediate the flaw by a fixed deadline. The remote code execution (RCE) bug allows authenticated attackers to execute arbitrary code on vulnerable servers with the privileges of the n8n process. Because n8n workflows routinely hold API keys, database credentials and OAuth tokens, a compromised instance is a direct path to the systems those workflows connect to. Shadowserver has tracked over 40,000 exposed n8n instances still running vulnerable versions and has warned that timely patching is the only reliable mitigation.
According to CISA, the vulnerability tracked as CVE-2025-68613 allows authenticated attackers to execute arbitrary code on vulnerable servers with the privileges of the n8n process. This remote code execution (RCE) flaw poses significant risks to federal agencies and other organizations that rely on the open-source workflow automation platform.
n8n is widely used in AI development for automating data ingestion, with over 50,000 weekly downloads on the npm registry and over 100 million pulls on Docker Hub. Because its workflows act as glue between other services, an n8n instance typically stores a wide range of highly sensitive material, including API keys, database credentials, OAuth tokens, cloud storage access credentials, and CI/CD secrets, all of which are reachable by code running with the n8n process's privileges.
The n8n team addressed CVE-2025-68613 in December 2025 with the release of n8n v1.122.0 and advised administrators to upgrade immediately. Although BOD 22-01 binds only federal civilian agencies, CISA has encouraged all network defenders to secure their systems against ongoing CVE-2025-68613 attacks as soon as possible.
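The practical check that follows from the paragraph above is simply "which of my n8n instances are still below 1.122.0". The script below is an added example, not code from n8n, CISA or the article: it parses n8n version strings (including prereleases, which sort below the release they precede and must therefore be treated as unpatched) and triages an inventory you have already gathered. The host names are constructed, and the assumption that n8n's GET /rest/settings response carries the running version under data.versionCli is the author's, not something stated in the article.

```python
"""Triage an n8n inventory against the CVE-2025-68613 fix version (1.122.0).

Added example, not n8n's or CISA's code. Assumes a locally built inventory
of hostname -> version string; the sample inventory below is constructed.
"""
import json
import re

FIXED_VERSION = (1, 122, 0)  # n8n v1.122.0 ships the fix for CVE-2025-68613

# Accepts '1.121.3', 'v1.122.0' and prerelease forms such as '1.122.0-rc.1'.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?")


def parse_version(text):
    """Return (major, minor, patch, prerelease_or_None) for an n8n version string.

    Raises ValueError on anything unparseable (e.g. the Docker tag 'latest')
    so unknown hosts are surfaced rather than silently counted as patched.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch), pre


def is_vulnerable(version_text):
    """True when the version predates the 1.122.0 fix.

    A prerelease of the fix version (e.g. 1.122.0-rc.1) sorts below 1.122.0
    in semver ordering and is therefore treated as unpatched.
    """
    major, minor, patch, pre = parse_version(version_text)
    core = (major, minor, patch)
    if core != FIXED_VERSION:
        return core < FIXED_VERSION
    return pre is not None


def version_from_settings(settings_json):
    """Extract the running version from the JSON body of n8n's GET /rest/settings.

    Assumption (not from the article): the endpoint returns
    {"data": {"versionCli": "1.x.y", ...}}.
    """
    return json.loads(settings_json)["data"]["versionCli"]


def triage(inventory):
    """Split {host: version} into sorted (vulnerable, patched, unknown) host lists."""
    vulnerable, patched, unknown = [], [], []
    for host, version in sorted(inventory.items()):
        try:
            (vulnerable if is_vulnerable(version) else patched).append(host)
        except ValueError:
            unknown.append(host)
    return vulnerable, patched, unknown


# Constructed sample inventory (hypothetical hosts), e.g. gathered from image
# tags via `docker inspect` or from each instance's /rest/settings endpoint.
SAMPLE_INVENTORY = {
    "n8n-prod-01": "1.121.3",
    "n8n-prod-02": "1.122.0",
    "n8n-dev": "1.122.0-rc.1",
    "n8n-legacy": "0.236.0",
    "n8n-staging": "v1.130.1",
    "n8n-unknown": "latest",
}

if __name__ == "__main__":
    vuln, ok, unk = triage(SAMPLE_INVENTORY)
    print("vulnerable:", vuln)
    print("patched:   ", ok)
    print("unknown:   ", unk)
```

Hosts that land in the "unknown" bucket (a mutable tag such as latest, or a version the regex cannot read) should be inspected by hand rather than assumed safe; a floating tag says nothing about when the container was last rebuilt.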
Exposure remains broad: the internet security watchdog Shadowserver tracks over 40,000 n8n instances exposed online that are still running vulnerable versions, with more than 18,000 IPs in North America and over 14,000 in Europe. Shadowserver has stressed that timely patching is the way to mitigate the exploitation it is observing.
CISA notes that this kind of RCE vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. The required action listed in the KEV catalog entry is the standard one: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
The n8n security team has addressed several other severe vulnerabilities since the start of 2026, including one dubbed Ni8mare that allows unauthenticated remote attackers to hijack unpatched n8n servers. Taken together, these flaws make n8n instances a recurring target and underline the need to patch promptly and to harden the platform around the patch.
For defenders, the immediate steps are to upgrade every n8n instance to v1.122.0 or later, to confirm that no instance is reachable from the internet without need, and, where an instance was exposed while vulnerable, to treat the credentials it stored (API keys, database passwords, OAuth tokens, cloud and CI/CD secrets) as potentially compromised and rotate them.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Urges-Immediate-Action-as-n8n-Remote-Code-Execution-Vulnerability-Exposes-Federal-Agencies-to-Compromise-ehn.shtml
Published: Wed Mar 11 14:37:11 2026 by llama3.2 3B Q4_K_M