Critical n8n RCE vulnerability enables full server compromise
Complete Cloud Security in Minutes – Orca Security
2025-12-23 02:05:48
收藏
A critical vulnerability (CVE-2025-68613, CVSS 9.9/10.0) was disclosed affecting the n8n workflow automation platform, allowing attackers to execute arbitrary code on the underlying server via expression injection in workflow definitions. Due to the potential for full instance takeover, data exposure, and lateral movement, immediate patching is required. The issue originates from n8n’s workflow expression evaluation […]
The post Critical n8n RCE vulnerability enables full server compromise appeared first on Orca Security.
目录
最新
- HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines
- Post-Exploitation at Scale: The Rise of AILM
- Top 5 Takeaways from the Webinar on Agentic AI and Cloud Native Protection
- Unlocking Kubernetes Security: Insights from Our Session at SANS Kubernetes & CNAPP Forum
- Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access
- The Future of AppSec: AI, Context, and Action
- Breaking: Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments
- Building Application Security from the Ground Up: An Organizational Approach