Main Vulnerability Database SB2025122338

SB2025122338 - Privilege escalation in n8n

Published: December 23, 2025 Updated: February 27, 2026

Security Bulletin ID SB2025122338

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Control of Dynamically-Managed Code Resources (CVE-ID: CVE-2025-68613)

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to an error within the workflow expression evaluation system. A remote authenticated user can supply a specially crafted workflow configuration that can be evaluated in an execution context that is not sufficiently isolated from the underlying runtime, leading to privilege escalation.

Remediation

Install update from vendor's website.

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp