- Last update: 23/12/2025
- Affected software: n8n >= 0.211.0 < 1.120.4
- Type: Remote Code Execution (RCE)
- CVE/CVSS:
  - CVE-2025-68613: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
- Source: n8n - https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
A newly discovered vulnerability in n8n allows attackers to execute unauthorized code, potentially exposing sensitive company data and disrupting operations.
n8n is a tool for building automated workflows that move data and actions between different apps, APIs, and systems with full control over logic, data, and hosting. It combines visual building with custom code.
If exploited, this could lead to data breaches, system compromise, and operational downtime impacting confidentiality, integrity, and availability of critical business processes or data.
A critical security vulnerability, CVE-2025-68613, has been identified in the n8n workflow automation platform, versions 0.211.0 through 1.120.3. The flaw is an expression injection in the workflow expression evaluation system: an authenticated attacker can execute arbitrary code with the privileges of the n8n process.
Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
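To prioritise patching, the affected range stated above can be checked against an inventory of deployed n8n versions. The following is an added example, not part of the original advisory or of n8n; the host names and version strings are constructed, and the range is taken only from the "Affected software" line of this page.

```python
import re

# Range from this advisory's "Affected software" line: >= 0.211.0 and < 1.120.4
FIRST_AFFECTED = (0, 211, 0)
FIRST_FIXED = (1, 120, 4)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '1.120.3' or an image tag."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version_text):
    """True if the version falls inside the range given in this advisory."""
    # Tuples compare numerically, so 1.99.1 sorts below 1.120.4
    # (a plain string comparison would get this wrong).
    return FIRST_AFFECTED <= parse_version(version_text) < FIRST_FIXED


def triage(inventory):
    """Split an inventory {host: version string} into affected and unknown hosts."""
    affected, unknown = [], []
    for host, version_text in inventory.items():
        try:
            if is_affected(version_text):
                affected.append(host)
        except ValueError:
            # Floating tags such as 'latest' carry no version: verify by hand.
            unknown.append(host)
    return sorted(affected), sorted(unknown)


# Constructed sample inventory (hypothetical hosts and versions)
SAMPLE_INVENTORY = {
    "automation-01": "1.120.3",
    "automation-02": "n8nio/n8n:1.120.4",
    "queue-worker": "1.99.1",
    "hr-flows": "0.211.0",
    "legacy-lab": "0.210.2",
    "unknown-box": "latest",
}

if __name__ == "__main__":
    affected, unknown = triage(SAMPLE_INVENTORY)
    print("affected:", affected)
    print("version unknown, check manually:", unknown)
```

Hosts reported as unknown should be resolved to a concrete version before they are considered safe.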
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.