Tag :
Cyber Security

Summary

Item Details
Vulnerability Name

n8n Remote Code Execution

(CVE-2025-68613)
Released on

December 24, 2025
Affected Component

n8n
Affected Version

0.211.0 ≤ n8n < 1.120.4

n8n < 1.121.1

n8n < 1.122.0
Vulnerability Type

Code execution
Exploitation Condition

1. User authentication: not required.

2. Precondition: default configurations.

3. Trigger mode: remote.
Impact

Exploitation difficulty: difficult. Only authenticated attackers can exploit this vulnerability to execute arbitrary code.

Severity: critical. This vulnerability may lead to remote code execution.
Official Solution

Available

About the Vulnerability

  • Component Introduction

n8n is an open-source workflow automation platform that allows users to connect various applications, services, and APIs by dragging nodes on a visual interface. It enables users to construct complex automated processes without the need for extensive coding. The letter "n" in its name stands for "numerous", which indicates that n8n can connect countless tools for flexible integration.

  • Vulnerability Description

On December 24, 2025, Sangfor FarSight Labs received notification of the remote code execution vulnerability in n8n (CVE-2025-68613), classified as critical in threat level. Specifically, n8n contains a remote code execution vulnerability. Under specific conditions, expressions submitted by authenticated users during workflow configuration may be parsed and executed in an execution context that is not sufficiently isolated from the underlying runtime. Attackers can exploit this vulnerability to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.

Affected Versions

The following n8n versions are affected: 0.211.0 ≤ n8n < 1.120.4 n8n < 1.121.1 n8n < 1.122.0

Solutions

Remediation Solutions

Official Solution

The latest versions have been officially released to fix the vulnerability. Affected users are advised to update n8n to the following versions as needed: n8n 1.120.* ≥ 1.120.4 n8n 1.121.* ≥ 1.121.1 n8n 1.122.* ≥ 1.122.0 Download link: https://github.com/n8n-io/n8n/releases

Temporary Solutions

  1. Disable unused functional modules to reduce attack entry points.
  2. Follow the principle of least privilege to strictly control the scope of permissions for sensitive operations.
  3. Do not expose services to the Internet unless necessary, to limit the access sources to trusted ranges.
  4. Regularly update the system and components to secure versions so that known vulnerabilities can be patched at the earliest opportunity.

Sangfor Solutions

Vulnerability Monitoring

The following Sangfor services support CVE-2025-68613 vulnerability monitoring, and can quickly identify affected assets and the impact scope in business scenarios in real time through traffic collection:

  • Athena Network Detection and Response (NDR): The corresponding monitoring solution will be released on December 29, 2025. The rule ID is 11220072.
  • Athena Managed Detection and Response (MDR): The corresponding monitoring solution will be released on December 29, 2025. The rule ID is 11220072. In this case, make sure that Athena MDR is integrated with Athena NDR.
  • Athena Extended Detection and Response (XDR): The corresponding monitoring solution will be released on December 29, 2025. The rule ID is 11220072.
  • Sangfor Traffic Monitoring GPT: Sangfor Traffic Monitoring GPT can detect attacks and threats targeting this vulnerability based on its understanding of attacks and code, without the need to configure rules.

Vulnerability Prevention

The following Sangfor services can effectively block CVE-2025-68613 exploits:

  • Athena Next-Generation Firewall (NGFW): The corresponding prevention solution will be released on December 29, 2025. The rule ID is 11220072.
  • Sangfor Web Application Firewall (WAF): The corresponding prevention solution will be released on December 29, 2025. The rule ID is 11220072.
  • Athena MDR: The corresponding prevention solution will be released on December 29, 2025. The rule ID is 11220072. In this case, make sure that Athena MDR is integrated with Athena NGFW.
  • Athena XDR: The corresponding prevention solution will be released on December 29, 2025. The rule ID is 11220072. In this case, make sure that Athena XDR is integrated with Athena NGFW.

Timeline

On December 24, 2025, Sangfor FarSight Labs received notification of the remote code execution vulnerability in n8n (CVE-2025-68613). On December 24, 2025, Sangfor FarSight Labs released a vulnerability alert.

Reference

https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.

Listen To This Post

Search

Keyword maximum 256 character

Related Articles

See Other Product

Meet the Author

Sangfor HQ Building

Sangfor Technologies

Sangfor Technologies is a leading vendor of Cyber Security and Cloud Computing solutions. The majority of the blogs that you are seeing here are written by professionals working at Sangfor. We have a team of content writers, product managers and marketing experts who are taking care of writing articles on various topics that are relevant to our audience. Our team ensures that the articles published are factually correct and helpful to our customers and partners to know more about the recent trends on Cyber Security and Cloud, and how it can help their organizations.

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
See Author's Detail