The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a new, high-stakes entry to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, tracked as CVE-2025-68613, carries a maximum CVSS score of 10, signaling the highest level of severity for affected organizations.
The flaw impacts n8n, a popular workflow automation tool, and involves the improper control of dynamically-managed code resources.
At the heart of the issue is a critical Remote Code Execution (RCE) vulnerability within the n8n workflow expression evaluation system. Security researchers found that “under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime”.
For an attacker, this is a golden ticket. An authenticated user could abuse this lack of isolation to execute arbitrary code with the full privileges of the n8n process. The consequences of a successful exploit are severe, potentially leading to:
- Full compromise of the affected instance.
- Unauthorized access to sensitive data.
- The ability to modify existing workflows or execute system-level operations.
Because this vulnerability is being actively exploited, CISA has set a strict deadline for Federal Civilian Executive Branch (FCEB) agencies: the flaw must be remediated by March 25, 2026.
The most effective way to neutralize this threat is to patch immediately. The issue has been officially resolved in n8n v1.122.0. Technical teams are “strongly advised to upgrade to version 1.122.0 or later,” as these versions introduce the necessary safeguards to restrict how expressions are evaluated.
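A practical first step is to inventory every n8n instance and decide which ones are still below the fixed release. The following is an added example, not code from n8n or from the advisory: it parses version strings in the usual semver form (optional leading `v`, optional pre-release such as `-rc.1`) and compares them against 1.122.0, the fixed release named above. The host names and version strings are constructed sample data; in practice they would come from each instance's reported version. A pre-release of 1.122.0 sorts before the final release under semver, so the check deliberately treats it as not yet fixed.

```python
"""Triage helper for CVE-2025-68613: is an n8n version at or past the fixed
release (v1.122.0) stated in the advisory?

Added example, not n8n project code. All version strings below are
constructed sample inputs.
"""
import re
from typing import Dict, Optional, Tuple

# Fixed release from the advisory: upgrade to 1.122.0 or later.
FIXED_VERSION: Tuple[int, int, int] = (1, 122, 0)

# Semver-style "major.minor.patch" with optional leading "v", optional
# pre-release ("-rc.1") and optional build metadata ("+build.5").
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], Optional[str]]]:
    """Return ((major, minor, patch), prerelease_or_None), or None if unparsable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    core = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return core, m.group(4)


def is_fixed(version: str) -> Optional[bool]:
    """True if version >= 1.122.0, False if older, None if the string is unparsable.

    A pre-release of the fixed version (e.g. 1.122.0-rc.1) precedes the final
    1.122.0 under semver, so it is reported as NOT fixed. Being conservative
    here avoids marking a release candidate as patched.
    """
    parsed = parse_version(version)
    if parsed is None:
        return None
    core, prerelease = parsed
    if core > FIXED_VERSION:
        return True
    if core == FIXED_VERSION:
        return prerelease is None
    return False


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'patched', 'upgrade', or 'unknown' (version unreadable)."""
    verdicts: Dict[str, str] = {}
    for host, version in inventory.items():
        state = is_fixed(version)
        if state is True:
            verdicts[host] = "patched"
        elif state is False:
            verdicts[host] = "upgrade"
        else:
            verdicts[host] = "unknown"
    return verdicts


# Constructed sample inventory (host name -> version string the instance reports).
SAMPLE_INVENTORY: Dict[str, str] = {
    "automation-01": "1.121.3",       # older than the fix
    "automation-02": "v1.122.0",      # exactly the fixed release
    "automation-03": "1.122.0-rc.1",  # pre-release of the fix: still not fixed
    "automation-04": "1.130.2",       # later release
    "automation-05": "unknown",       # version could not be read
}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts reported as `unknown` deserve the same urgency as `upgrade`: an instance whose version cannot be read is one whose patch state is unverified.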
If an immediate upgrade is off the table, administrators should deploy these short-term workarounds:
- Restrict Access: Limit workflow creation and editing permissions strictly to fully trusted users.
- Harden the Environment: Deploy n8n with restricted OS privileges and limited network access to contain the blast radius of a potential exploit.
While these measures provide a temporary buffer, experts warn they “do not fully eliminate the risk” and should only be viewed as a stopgap until the official patch is applied.