CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

Summary

CISA has added a critical remote code execution (RCE) vulnerability in n8n to its Known Exploited Vulnerabilities catalog. This flaw, identified as CVE-2025-68613, has a CVSS score of 9.9 and has been actively exploited. Approximately 24,700 instances of n8n remain exposed to this threat.

IFF Assessment

FOE

The active exploitation of a critical RCE vulnerability in a widely used tool presents a significant threat to organizations.

Severity

9.9 Critical

Defender Context

Organizations using n8n should patch this critical vulnerability immediately, since it is being actively exploited. Defenders should also monitor for signs of compromise related to CVE-2025-68613 and confirm that their n8n instances are not among those that remain exposed.
