Critical n8n RCE Flaw (CVE-2025-65964) Allows Remote Code Execution via Git Node Configuration Manipulation
Ddos 
A critical security vulnerability has been discovered in n8n, the popular workflow automation tool that powers technical teams worldwide. The flaw, which carries a critical CVSS severity score of 9.4, allows attackers to execute arbitrary code on the host server by weaponizing the platform’s Git integration.
The vulnerability, tracked as CVE-2025-65964, affects the Git node, a component used to interact with version control repositories within automation workflows.
The issue stems from a feature designed to offer flexibility. According to the security advisory, “The n8n Git node allows workflows to set arbitrary Git configuration values through the Add Config operation” .
However, this flexibility creates a dangerous loophole. By manipulating the Git configuration, specifically the core.hooksPath setting, an attacker can redirect Git to look for execution hooks in a malicious directory.
“When an attacker-controlled workflow sets core.hooksPath to a directory within the cloned repository containing a Git hook such as pre-commit, Git executes that hook during subsequent Git operations,” the advisory explains.
Once the hook is set, the trap is sprung the next time a Git operation triggers it. The consequences are severe because these hooks are not sandboxed. “Because Git hooks run as local system commands, this behavior can lead to arbitrary command execution on the underlying n8n host”.
To exploit this, an attacker needs “the ability to create or modify an n8n workflow that uses the Git node,” making this a potent threat for insider attacks or scenarios where workflow access is compromised.
The vulnerability affects a wide range of versions, specifically n8n versions ≥ 0.123.1 and < 1.119.2.
The project maintainers have released a fix in version 1.119.2.
For teams unable to patch right away, the advisory suggests critical mitigations: “Exclude the Git node” from use or “Avoid cloning or interacting with untrusted repositories using the Git Node”.
Donate