
ONE Sentinel


CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

Source: The Hacker News
March 12, 2026

EXECUTIVE SUMMARY

CISA Alerts on Critical n8n RCE Vulnerability Amid Active Exploitation

Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical, actively exploited security flaw in n8n. The vulnerability allows remote code execution and has been added to CISA's Known Exploited Vulnerabilities catalog.

Key Points

  • The vulnerability is tracked as CVE-2025-68613 and has a CVSS score of 9.9.
  • It involves an expression injection flaw that can lead to remote code execution (RCE).
  • CISA added this flaw to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday.
  • There are approximately 24,700 instances of n8n that remain exposed to this vulnerability.
  • The security issue has been patched, but many instances remain unpatched and vulnerable.

Analysis

The inclusion of this vulnerability in CISA's KEV catalog underscores its critical nature, particularly given the active exploitation in the wild. The flaw's CVSS score of 9.9 indicates a significant potential impact and serious risk to organizations using n8n. The large number of exposed instances makes immediate remediation urgent.

Conclusion

IT professionals should prioritize patching the n8n vulnerability (CVE-2025-68613) to mitigate the risk of remote code execution. Immediate action is recommended to secure systems against this actively exploited threat.