CVE-2025-68613: n8n Improper Control of Dynamically-Managed Code Resources Vulnerability

CVE ID

CVE-2025-68613

Vulnerability Name

n8n Improper Control of Dynamically-Managed Code Resources Vulnerability

• Project: n8n
• Product: n8n

Date

• Date Added: 2026-03-11
• Due Date: 2026-03-25

Description

n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613

Related Security News

• CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
• CISA orders feds to patch n8n RCE flaw exploited in attacks

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List