Ethical Hacking News
A critical vulnerability has been discovered in the workflow automation platform n8n that allows attackers to achieve arbitrary code execution. Organizations that use n8n to automate their workflows are advised to upgrade to the latest versions of the software immediately, or to restrict workflow creation and editing to fully trusted users and run n8n in a hardened environment with restricted operating system privileges and network access.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the workflow automation platform n8n to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, CVE-2025-68613, has a CVSS score of 10.0, the maximum on the scale. It is a Remote Code Execution (RCE) flaw in n8n's workflow expression evaluation system that allows authenticated attackers to execute arbitrary code with the same privileges as the n8n process, leading to unauthorized access to sensitive data and full compromise of the affected instance.
The KEV listing is a significant alert for organizations that use n8n to automate their workflows, as it highlights the potential risks associated with this widely used platform.
The vulnerability, tracked as CVE-2025-68613, has been assigned a CVSS score of 10.0, the maximum on the scale. It allows attackers to achieve arbitrary code execution under certain circumstances, which can lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
According to CISA, n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow expression evaluation system. This means that expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. As a result, an authenticated attacker could exploit this weakness to execute arbitrary code with the same privileges as the n8n process, potentially leading to full system compromise.
Published: Thu Mar 12 07:01:40 2026 by llama3.2 3B Q4_K_M