CISA added a critical n8n vulnerability, CVE-2025-68613, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The expression injection flaw enables remote code execution, was patched by n8n in December 2025, and remains unpatched on thousands of exposed instances.
Key points
- CISA listed CVE-2025-68613 in the KEV catalog due to active exploitation.
- The vulnerability is an expression injection leading to remote code execution with a CVSS score of 9.9.
- n8n released patches in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0.
- Shadowserver reports over 24,700 unpatched n8n instances exposed online, with large numbers in North America and Europe.
- FCEB agencies must patch by March 25, 2026 under BOD 22-01; Pillar Security disclosed a related flaw, CVE-2026-27577.
Read More: https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html