CISA warns max-severity n8n bug is being exploited in the wild
theregister.co.uk
The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n.
CISA urged all federal civilian executive branch (FCEB) agencies to patch CVE-2025-68613 at once because it carries a near-perfect 9.9 vulnerability score.
The bug was first disclosed in December, and vendors such as Resecurity said that of n8n's roughly 230,000 active users, more than 103,000 appeared to be vulnerable.
CVE-2025-68613 can lead to RCE on the open source workflow automation platform, with potential consequences ranging from simple data theft to full-blown supply chain compromise.
The vulnerability affects n8n and its expression evaluation engine, which are commonly used to automate operational tasks across systems.
n8n's advisory states that, under certain conditions, authenticated attackers can inject payloads into expressions that are then executed without validation.
"Successful exploitation may lead to full ...
Copyright of this story solely belongs to theregister.co.uk.

