n8n actively exploited remote code execution vulnerability (CVE-2025-68613)
Vulnerability
Summary
An actively exploited n8n remote code execution flaw, CVE-2025-68613, lets authenticated attackers run arbitrary code on vulnerable servers and can lead to full compromise. The n8n team fixed it in v1.122.0 in December and urged admins to patch immediately. CISA added the bug to its KEV catalog and ordered FCEB agencies to remediate by March 25 after warnings of 40,000+ exposed instances online.
Related Happenings
CISA KEV order for Copy Fail on federal Linux devices
Public Sector Action
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV order for BlueHammer patching
Public Sector Action
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector Action
First: 31.03.2026 10:05
Last: 31.03.2026 10:05
Sources 1
About this happening:
CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
CISA KEV patch directive for CVE-2025-53521
Advisory/Mitigation
First: 30.03.2026 10:07
Last: 30.03.2026 10:07
Sources 1
About this happening:
CISA added **CVE-2025-53521** to its **KEV catalog** and told **federal agencies** to patch the F5 BIG-IP flaw within **three days**. The directive is urgent because the bug is be...
Cloud Software Group NetScaler urgent remediation advisory
Advisory/Mitigation
First: 25.03.2026 17:52
Last: 25.03.2026 17:52
Sources 1
About this happening:
**Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...
Timeline
- 12.03.2026 07:18 · 2 articles · 2mo ago
  CISA adds CVE-2025-68613 to KEV catalog
  Initial Disclosure: CISA adds CVE-2025-68613, an n8n expression-injection flaw with CVSS 9.9 that can lead to remote code execution, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation; CISA says it is the first n8n vulnerability placed in KEV.
  Sources:
  - CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed — thehackernews.com — 12.03.2026 07:18
- 11.03.2026 20:21 · 2 articles · 2mo ago
  CISA warns of actively exploited n8n RCE
  Initial Disclosure: CISA warned government agencies about CVE-2025-68613, an actively exploited n8n workflow expression evaluation flaw that allows authenticated attackers to execute arbitrary code on vulnerable servers with the privileges of the n8n process and can lead to unauthorized access to sensitive data, workflow modification, and system-level operations.
  Sources:
  - CISA orders feds to patch n8n RCE flaw exploited in attacks — www.bleepingcomputer.com — 11.03.2026 20:21
  - Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances — thehackernews.com — 23.12.2025 09:34
- 11.03.2026 20:21 · 1 article · 2mo ago
  CISA adds CVE-2025-68613 to KEV and orders patching
  Legal Policy Action Update: CISA added CVE-2025-68613 to its Known Exploited Vulnerabilities catalog and directed Federal Civilian Executive Branch agencies to patch their n8n instances by March 25 under BOD 22-01, while urging defenders to apply vendor mitigations or discontinue use if mitigations are unavailable.
  Sources:
  - CISA orders feds to patch n8n RCE flaw exploited in attacks — www.bleepingcomputer.com — 11.03.2026 20:21