A critical remote code execution vulnerability in n8n, tracked as CVE-2025-68613, has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog due to active exploitation [1]. The vulnerability, which has a CVSS score of 9.9, allows expression injection that enables attackers to execute arbitrary code remotely. Approximately 24,700 instances remain exposed. The vulnerability has been patched, and its exploitation status, as discussed by CISA, is what decides between a patch-now and a monitor approach. Given the high CVSS score and active exploitation, practitioners should prioritize patching or mitigating this vulnerability. Its presence in CISA's catalog underscores the urgency for organizations to act promptly to protect their systems.
CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
⚠️ Critical Alert
Why This Matters
CVE-2025-68613 is under active discussion involving CISA; its exploitation status determines whether this is a patch-now or a monitor situation.
References
- The Hacker News. (2026, March 12). CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed. *The Hacker News*. https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html
Original Source
The Hacker News