Warning: Remote Code Execution in n8n project, Patch Immediately!

Published: 09/12/2025

    * Last update: 09/12/2025
    * Affected software: n8n
    * Type: Remote Code Execution
    * CVE/CVSS: CVE-2025-65964: CVSS 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

 

Sources

 
N8n-docs: https://n8n-docs.teamlab.info/hosting/securing/blocking-nodes/
 

Risks

A newly discovered vulnerability in the n8n project allows attackers to execute unauthorized code, potentially exposing sensitive company data and disrupting operations.

n8n is a free open-source workflow automation platform that allows users to connect apps, services and APIs visually through a node-based interface to automate tasks and processes. It is widely used by developers, DevOps teams and businesses.

If exploited, this vulnerability could lead to data breaches, system compromise and operational downtime, impacting the confidentiality, integrity and availability of critical business systems.

Description

A critical security vulnerability, CVE-2025-65964, affects n8n versions 0.123.1–1.119.1. This flaw in the Git node allows authenticated attackers to set core.hooksPath via the "Add Config" operation, enabling remote code execution through malicious Git hooks.

Attackers with workflow edit access can trigger arbitrary commands during Git operations (clone/commit), compromising the host with n8n privileges.

The vulnerability is fixed in version 1.119.2.

A possible workaround until the patch is deployed: disable Git node usage or restrict workflow editing to trusted admins only.
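
To find where the Git node is in use before disabling it, exported workflows can be audited offline. The following is an added example, not code from the advisory or from the n8n project. It assumes exported workflow JSON with a "nodes" list, the Git node type name "n8n-nodes-base.git", and "Add Config" stored as operation "addConfig" with "key"/"value" parameters; the sample workflow is constructed.

```python
import json

# Assumptions (not from the advisory): exported workflows are JSON with a
# "nodes" list; the Git node type is "n8n-nodes-base.git"; "Add Config" is
# stored as operation "addConfig" with "key" and "value" parameters.
GIT_NODE_TYPE = "n8n-nodes-base.git"
FIRST_AFFECTED, LAST_AFFECTED = (0, 123, 1), (1, 119, 1)  # range from the advisory


def is_affected(version: str) -> bool:
    """True if an n8n version falls in 0.123.1 to 1.119.1 inclusive."""
    core = version.strip().lstrip("v").split("-")[0]  # drop any pre-release tag
    parts = tuple(int(p) for p in core.split(".")[:3])
    return FIRST_AFFECTED <= parts <= LAST_AFFECTED


def audit_workflow(workflow: dict) -> list[dict]:
    """Return one finding per Git node, graded by what it configures."""
    findings = []
    for node in workflow.get("nodes", []):
        if node.get("type") != GIT_NODE_TYPE:
            continue
        params = node.get("parameters", {})
        add_config = params.get("operation") == "addConfig"
        # Git config key names are case-insensitive, so compare lowercased.
        key = str(params.get("key", "")).strip().lower()
        if add_config and key == "core.hookspath":
            severity = "high"      # the setting named in CVE-2025-65964
        elif add_config and key.startswith("="):
            severity = "review"    # expression resolved at run time
        else:
            severity = "info"      # Git node present; candidate for blocking
        findings.append({"workflow": workflow.get("name", "<unnamed>"),
                         "node": node.get("name", "<unnamed>"),
                         "severity": severity})
    return findings


# Constructed sample export, not taken from a real instance.
SAMPLE = json.loads("""
{"name": "repo-sync", "nodes": [
  {"name": "Set config", "type": "n8n-nodes-base.git", "parameters":
    {"operation": "addConfig", "key": "core.hooksPath", "value": "/constructed/path"}},
  {"name": "Clone", "type": "n8n-nodes-base.git", "parameters": {"operation": "clone"}},
  {"name": "Fetch", "type": "n8n-nodes-base.httpRequest", "parameters": {}}
]}
""")

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

A "high" finding on an instance running an affected version warrants review of the host for historic compromise, not only removal of the node.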

Recommended Actions

 
Patch 

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
 
Monitor/Detect 

The CCB recommends that organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version or implementing specific mitigations may protect against future exploitation, it does not remediate historic compromise.

References

GitHub: https://github.com/n8n-io/n8n/releases/tag/n8n%401.119.2

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-65964