A critical remote code execution (RCE) vulnerability in the n8n workflow automation platform, tracked as CVE-2025-68613, has been actively exploited in the wild, prompting urgent calls for patching. The flaw, which carries a CVSS score of 8.8, affects versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. It resides in the platform's workflow expression evaluation system, allowing authenticated users to inject malicious expressions under specific conditions.
The vulnerability, first published on December 19, 2025, has been added to the Known Exploited Vulnerabilities (KEV) catalog as of March 11, 2026, underscoring its significance and the urgency for remediation. With an Exploit Prediction Scoring System (EPSS) score of 0.784, the likelihood of exploitation is notably high, and the vulnerability was exploited within 81 days of its disclosure, highlighting the rapid pace at which attackers have moved to leverage this flaw.
The n8n platform, known for its open-source workflow automation capabilities, is widely used by organizations to streamline processes. However, the RCE vulnerability poses a severe risk, as it could allow attackers to execute arbitrary code on affected systems, potentially leading to unauthorized access, data exfiltration, or further compromise of network environments.
A proof-of-concept (PoC) exploit for CVE-2025-68613 is readily available, with at least 32 known instances circulating, increasing the risk of widespread exploitation. Security teams are advised to prioritize patching affected systems immediately. The vendor has released updates to address the vulnerability, and users are urged to upgrade to versions 1.120.4, 1.121.1, or 1.122.0 to mitigate the risk.
Given the severity and active exploitation of this vulnerability, organizations using n8n should conduct thorough assessments of their systems to identify any signs of compromise. Implementing the latest security patches and monitoring for unusual activity are critical steps in defending against potential attacks leveraging this flaw.
CSURFACE