SCA: security update for n8n (GHSA-v98v-ff95-f3cp)

high Tenable Self-Hosted Container Security Plugin ID 436476

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4,
1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow
expression evaluation system. Under certain conditions, expressions supplied by authenticated users during
workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the
underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the
privileges of the n8n process. Successful exploitation may lead to full compromise of the affected
instance, including unauthorized access to sensitive data, modification of workflows, and execution of
system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are
strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict
expression evaluation. If upgrading is not immediately possible, administrators should consider the
following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users
only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network
access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk
and should only be used as short-term measures. (CVE-2025-68613)

Solution

Update the n8n library and its related packages to version 1.120.4 or later.

See Also

https://github.com/advisories/GHSA-v98v-ff95-f3cp

Plugin Details

Severity: High

ID: 436476

Version: Revision 1.21

Type: Local

Family: SCA Checks

Published: 12/22/2025

Updated: 7/8/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

Percentile: 99.81

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-68613

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/22/2025

Vulnerability Publication Date: 12/19/2025

CISA Known Exploited Vulnerability Due Dates: 3/25/2026

Exploitable With

Core Impact

Metasploit (n8n Workflow Expression Remote Code Execution)

Reference Information

CVE: CVE-2025-68613

cwe: CWE-913