
n8n RCE Vulnerability CVE-2025-68613


Summary

CISA has added CVE-2025-68613, a critical Remote Code Execution vulnerability in n8n's workflow expression evaluation system, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects n8n 0.211.0 up to but not including 1.120.4, and 1.121.0; it is fixed in 1.120.4, 1.121.1 and 1.122.0. Any authenticated user who can configure a workflow can exploit it to execute arbitrary code with the privileges of the n8n process.

What changed

CVE-2025-68613 is a critical Remote Code Execution (RCE) vulnerability in the workflow expression evaluation system of the n8n open-source workflow automation platform. The CVE record was published by GitHub as CNA; CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog on 2026-03-11, and its SSVC assessment records exploitation as active. Affected releases are 0.211.0 up to but not including 1.120.4, plus 1.121.0. Expressions supplied by authenticated users while configuring a workflow can, under certain conditions, be evaluated in a context that is not sufficiently isolated from the underlying runtime, so an authenticated attacker can execute arbitrary code with the privileges of the n8n process. Successful exploitation can lead to full compromise of the instance: unauthorized access to sensitive data (including the credentials an n8n instance stores for its integrations), modification of workflows, and system-level operations on the host. The CVSS 3.1 score is 10.0 (CRITICAL) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H: reachable over the network, low attack complexity, only low privileges required (an ordinary workflow editor, not an administrator), no user interaction, and scope changed because execution escapes the expression evaluator into the n8n process and the host it runs on.

Organizations running n8n should upgrade immediately to 1.120.4, 1.121.1 or 1.122.0, whichever matches their release line; the patched versions add safeguards that restrict expression evaluation. If upgrading is not immediately feasible, the temporary mitigations are to limit workflow creation and editing permissions to fully trusted users (every user who can edit a workflow can supply expressions, so that is the trust boundary) and to deploy n8n in a hardened environment with restricted operating-system privileges and network access, which limits the blast radius rather than removing the vulnerability. The advisory is explicit that these workarounds do not fully eliminate the risk and are short-term measures only. Because the vulnerability is under active exploitation, administrators should also review existing workflows for unexpected changes or expressions added by users who should not have been editing them.

What to do next

  1. Upgrade n8n to 1.120.4, 1.121.1 or 1.122.0, and confirm the running version afterwards (a container started from a floating tag such as latest is not patched until the image is re-pulled and the container recreated).
  2. If upgrading is not immediately possible, implement the temporary mitigations: restrict workflow creation and editing to fully trusted users, and run n8n with restricted operating-system privileges and network access. Treat these as short-term measures; they reduce the impact, not the vulnerability.
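As an added example of the two steps above (this is not code from the n8n project or from the advisory), the POSIX shell script below triages a fleet inventory against the affected ranges published in the CVE record, flags images started from floating tags or pinned by digest as unresolved rather than silently treating them as safe, and shows a hardened docker run invocation for an instance that must keep running while it waits for an upgrade. The inventory lines are constructed; the image name docker.n8n.io/n8nio/n8n, the data directory /home/node/.n8n, UID 1000 and the n8n-internal network are assumptions about a typical container deployment, not values taken from the advisory.

```shell
#!/bin/sh
# Added example, not n8n project code: triage n8n versions against the
# CVE-2025-68613 affected ranges and show a hardened container run.
set -eu

# Affected per the CVE record's Product Status:
#   >= 0.211.0 and < 1.120.4, and exactly 1.121.0.
# Fixed in 1.120.4, 1.121.1 and 1.122.0.

# vercmp A B: prints -1, 0 or 1 for A < B, A = B, A > B. Compares the first
# three dotted components numerically; a pre-release suffix (1.120.3-rc1) is
# ignored, so such builds are judged by their base version.
vercmp() {
  va=$1; vb=$2
  for _ in 1 2 3; do
    ca=${va%%.*}; va=${va#"$ca"}; va=${va#.}
    cb=${vb%%.*}; vb=${vb#"$cb"}; vb=${vb#.}
    ca=${ca%%[!0-9]*}; cb=${cb%%[!0-9]*}
    ca=${ca:-0}; cb=${cb:-0}
    if [ "$ca" -lt "$cb" ]; then printf '%s\n' -1; return 0; fi
    if [ "$ca" -gt "$cb" ]; then printf '%s\n' 1; return 0; fi
  done
  printf '%s\n' 0
}

# n8n_affected VERSION: exit 0 if the version is in an affected range, 1 if
# not, 2 if the string is not a dotted release version (latest, next, digest).
n8n_affected() {
  case $1 in
    [0-9]*.[0-9]*.[0-9]*) ;;
    *) return 2 ;;
  esac
  if [ "$(vercmp "$1" 0.211.0)" -ge 0 ] && [ "$(vercmp "$1" 1.120.4)" -lt 0 ]; then
    return 0
  fi
  if [ "$(vercmp "$1" 1.121.0)" -eq 0 ]; then
    return 0
  fi
  return 1
}

# image_tag IMAGE: prints the tag of a container image reference, "latest"
# when no tag is given, and "digest" when the image is pinned by digest.
image_tag() {
  ref=${1##*/}
  case $ref in
    *@*) printf '%s\n' digest ;;
    *:*) printf '%s\n' "${ref##*:}" ;;
    *)   printf '%s\n' latest ;;
  esac
}

# Constructed inventory (host,image), standing in for per-host output of
# `docker ps --format '{{.Names}},{{.Image}}'` or an asset database export.
INVENTORY='automation-01,docker.n8n.io/n8nio/n8n:1.120.3
automation-02,docker.n8n.io/n8nio/n8n:1.121.0
automation-03,docker.n8n.io/n8nio/n8n:1.122.0
automation-04,docker.n8n.io/n8nio/n8n:latest
legacy-ci,n8nio/n8n:0.210.2'

# triage: prints one line per host: AFFECTED, ok, or UNKNOWN (floating tag or
# digest, which must be resolved against the running container before the
# host can be called safe).
triage() {
  printf '%s\n' "$INVENTORY" | while IFS=, read -r host image; do
    [ -n "$host" ] || continue
    tag=$(image_tag "$image")
    rc=0; n8n_affected "$tag" || rc=$?
    case $rc in
      0) printf '%s AFFECTED %s (upgrade to 1.120.4, 1.121.1 or 1.122.0)\n' "$host" "$tag" ;;
      1) printf '%s ok %s\n' "$host" "$tag" ;;
      *) printf '%s UNKNOWN %s (resolve the running image version)\n' "$host" "$tag" ;;
    esac
  done
}

# run_hardened_n8n IMAGE: the advisory's second workaround for an instance
# that cannot be upgraded yet: unprivileged UID, read-only root filesystem,
# no capabilities, no privilege escalation, resource limits, loopback-only
# publish (put a reverse proxy in front) and a dedicated network whose
# egress is restricted at the host firewall. The data path, UID and network
# name are assumptions about the official image and the host, not facts
# from the advisory.
run_hardened_n8n() {
  docker run -d --name n8n \
    --user 1000:1000 \
    --read-only --tmpfs /tmp \
    --cap-drop ALL --security-opt no-new-privileges \
    --pids-limit 256 --memory 1g \
    --network n8n-internal \
    --publish 127.0.0.1:5678:5678 \
    --volume n8n_data:/home/node/.n8n \
    "$1"
}

triage
```

Run it as-is to see the constructed inventory triaged, then replace INVENTORY with real docker ps output. A host reported UNKNOWN is not a pass: read the version from the running container (docker inspect, or the instance itself), because a container started from the latest tag before the fix was published keeps running the old image until it is re-pulled and recreated. The hardened invocation contains the vulnerability; it only bounds what code running as the n8n process can reach.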

Source document (simplified)

Required CVE Record Information

CNA: GitHub (maintainer security advisories)

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

CWE (1 total)

- CWE-913: Improper Control of Dynamically-Managed Code Resources

CVSS (1 total)

| Score | Severity | Version | Vector String |
| --- | --- | --- | --- |
| 10.0 | CRITICAL | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |

Product Status

Versions (2 total)

Default Status: unknown

affected

  • affected at >= 0.211.0, < 1.120.4

  • affected at = 1.121.0

References (4 total; not reproduced on this page)

Authorized Data Publishers

CISA-ADP (updated 2026-03-12): supplies SSVC and KEV data, plus CVSS and CWE if not provided by the CNA.

SSVC (1 total)

| Exploitation | Automatable | Technical Impact | Version | Date Accessed |
| --- | --- | --- | --- | --- |
| active | no | total | 2.0.3 | 2026-03-03 |

KEV (1 total)

- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68613 (2026-03-11)

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency: Various Federal Agencies
Instrument: Notice
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Technology companies
Geographic scope: National (US)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Topics: Software Vulnerabilities, Data Security
