Main Vulnerability Database Vulnerabilities #VU120269

#VU120269 Improper Control of Dynamically-Managed Code Resources in n8n - CVE-2025-68613

Published: December 23, 2025 / Updated: February 27, 2026

Vulnerability identifier: #VU120269

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2025-68613

CWE-ID: CWE-913

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
n8n

Software vendor:
n8n

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to an error within the workflow expression evaluation system. A remote authenticated user can supply a specially crafted workflow configuration that can be evaluated in an execution context that is not sufficiently isolated from the underlying runtime, leading to privilege escalation.

Remediation

Install updates from vendor's website.

External links

https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp

#VU120269 Improper Control of Dynamically-Managed Code Resources in n8n - CVE-2025-68613

Description

Remediation

External links

Please verify you're human