Tag Archives: Zerobot

About the Remote Code Execution Vulnerability – n8n (CVE-2025-68613)

About Remote Code Execution Vulnerability – n8n (CVE-2025-68613). n8n is a workflow automation platform available under a fair-code license. Improper Control of Dynamically-Managed Code Resources (CWE-913) in the n8n workflow expression evaluation system allows a remote authenticated attacker without administrative privileges to execute arbitrary code.

⚙️ The vulnerability was fixed in late December 2025.

⚒️ Exploits on GitHub have been available since December 22, including those for combined exploitation with CVE-2026-21858 (Ni8mare).

👾 On December 26, a detailed write-up by Resecurity was published, reporting signs of exploitation in the wild. On February 27, Akamai reported exploitation of the vulnerability by Zerobot malware. On March 11, the vulnerability was added to the CISA KEV.

🌐 In January, CyberOK SKIPA recorded just under 9,000 active n8n instances in the Runet, ~70% of which were vulnerable.

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: Zerobot

About the Remote Code Execution Vulnerability – n8n (CVE-2025-68613)