CRITICAL ZERO-DAY EXPLOIT THREATENS OVER 24,000 BUSINESS AUTOMATION SERVERS NATIONWIDE
A ticking time bomb is hidden inside a popular business automation tool, and hackers are already pulling the trigger. The U.S. Cybersecurity and Infrastructure Security Agency has sounded a DEFCON-level alarm, adding a critical n8n vulnerability to its Known Exploited Vulnerabilities catalog. This isn't a theoretical risk—it's a live-fire cyber battlefield with more than 24,700 unpatched instances exposed online right now.
The flaw, tagged as CVE-2025-68613, is a nightmare for cybersecurity teams. It's an expression injection bug with a near-maximum CVSS score of 9.9, allowing for remote code execution. Simply put, an authenticated attacker can weaponize this vulnerability to hijack the entire server. This isn't just a data breach waiting to happen; it's a gateway for ransomware, crypto-mining malware, and total system compromise.
Once inside, attackers have the keys to the kingdom. "This vulnerability allows a threat actor to execute arbitrary code with the same privileges as the n8n process itself," explains a senior threat analyst familiar with the investigation. "We are talking about full access to sensitive data, the ability to sabotage critical business workflows, and a perfect launchpad for lateral movement into deeper corporate networks." The potential for a cascading supply chain attack is staggering.
This is not just an IT problem. Every company using n8n for workflow automation—from finance to logistics—is now a prime target for a devastating cyber incident. With over 12,300 vulnerable instances in North America alone, the attack surface is massive. This exploit could be the initial phishing payload that leads to a multi-million dollar ransomware payout or a catastrophic leak of intellectual property.
We predict a surge in targeted attacks leveraging this vulnerability in the coming weeks. Federal agencies have been ordered to patch by March 25, 2026, but the private sector's slower response creates a golden opportunity for cybercriminals. The clock is ticking, and the exploit code is in the wild.
Your automated workflows could be automating your own destruction. Patch now.
