CVE-2025-65964

216.73.216.36

· Published 09/12/2025 00:15 · Modified 09/12/2025 18:37

Labels: CVE-2025-65964 2025-12-09 CVE-2025-65964 CWE-829 [email protected]

Essential information

Published: 09/12/2025 00:15
Modified: 09/12/2025 18:37
Author: —
Creator: —
CVSS: 9.4 CRITICAL (v3) 9.4 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can point to a malicious Git hook that executes arbitrary commands on the n8n host during subsequent Git operations. Exploitation requires the ability to create or modify an n8n workflow using the Git node. This issue is fixed in version 1.119.2. Workarounds include excluding the Git Node (Docs) and avoiding cloning or interacting with untrusted repositories using the Git Node.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

CVE-2025-65964

Essential information

CVSS metrics

Description

NVD status

References