CVE-2025-68613 - n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
Project:n8n
Product:n8n
Date Added:2026-03-11Due Date:2026-03-25
Vulnerability Name
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
Description
n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
https://nvd.nist.gov/vuln/detail/CVE-2025-68613
Related News Articles
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet CampaignApril 7, 2026
CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain ExposedMarch 12, 2026
CISA orders feds to patch n8n RCE flaw exploited in attacksMarch 12, 2026