

Zerobot, a Mirai-based botnet known for targeting Internet of Things (IoT) devices, has leveraged a critical vulnerability tracked as CVE-2025-68613 to compromise instances of the n8n workflow automation platform. Successful exploitation requires authentication and could result in remote code execution (RCE) with the privileges of the impacted n8n instance. The vulnerability has a high Common Vulnerability Scoring System version 3.1 (CVSSv3.1) score of 9.9 due to its low attack complexity, remote exploitability and high impact on confidentiality, integrity and availability. Our Vulnerability Intelligence researchers have observed a publicly available Metasploit module for CVE-2025-68613 and note that the vulnerability has been weaponized and productized. We provide recommendations and mitigations below.
On Dec. 19, 2025, n8n developers published a security advisory addressing a critical improper control of dynamically managed code resources vulnerability tracked as CVE-2025-68613. Successful exploitation of the vulnerability requires authentication against the n8n instance and could result in RCE. Active exploitation was first identified in mid-January 2026 when Akamai’s security intelligence and response team observed the Zerobot botnet leveraging the vulnerability, marking the first publicly reported exploitation of the vulnerability since its disclosure. On March 11, 2026, CISA added CVE-2025-68613 to its KEV catalog, setting a remediation due date of March 25, 2026, for federal agencies.
Our Vulnerability Intelligence team observed 71,537 exposed n8n instances worldwide as of March 16, 2026, with the following Shodan query:

Figure 1: The image depicts discovered exposed instances of n8n on the Shodan internet scanning platform as of March 16, 2026.
n8n is workflow automation software built on Node.js; it uses JavaScript for both platform internals and workflow logic. The vulnerability exists in n8n’s expression evaluation system, which lets users write dynamic expressions to process data inside n8n workflows. For example, if a workflow needs to send a personalized email to a user, the following JavaScript expression may be used.

Due to the nature of this feature, the n8n expression evaluation system processes data supplied by an authenticated user. Features of this kind are attractive to attackers and vulnerability researchers alike because they handle user input in a code execution context.
In vulnerable instances, an expression injection is possible that enables authenticated attackers to execute arbitrary commands. The vulnerability exists because n8n versions 0.211.0 through 1.120.3 do not properly sandbox the expression evaluation system, which allows attackers to break out of the intended execution context and run arbitrary code on the underlying server with the privileges of the n8n process. The following is an example payload that can be used to exploit this vulnerability:

The payload wraps the exploit chain inside an anonymous function to encapsulate the logic within a single expression. It first accesses “this” to reach the Node.js global context, then traverses to process.mainModule to access the root module of the application, which should not be reachable from within the sandbox. From there, “require(‘child_process’)” loads Node.js’ child_process module to spawn a child process on the underlying operating system and execute the “id” command. This gives a potential attacker access to the underlying operating system, from which further privileges may be gained through lateral movement techniques.
Intel 471 tested and confirmed the payload successfully running arbitrary commands on a vulnerable n8n instance. The following screenshot showcases the successful execution of the “id” command inside the n8n platform:

Figure 2: The image depicts the successful execution of the “id” command inside the n8n platform on March 18, 2026.
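For teams triaging an inventory against the affected range stated above (n8n 0.211.0 through 1.120.3, inclusive), the following is an added example of a small version-range check; it is not n8n’s own code or part of the advisory, and the inventory values it runs over are constructed. A prerelease suffix such as “-rc.1” is deliberately ignored so that a candidate build of an affected version is still flagged.

```python
"""Triage helper: does a reported n8n version fall inside the range the advisory
lists as affected (0.211.0 through 1.120.3, inclusive)?

Added example, not n8n's code. Version strings below are constructed.
"""
import re

AFFECTED_MIN = (0, 211, 0)
AFFECTED_MAX = (1, 120, 3)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(version):
    """Return (major, minor, patch) for '1.120.3', 'v1.120.3' or '1.120.3-rc.1'.

    Prerelease/build suffixes are dropped on purpose: a release candidate of an
    affected version is treated as affected (conservative for triage).
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised n8n version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True when the version lies in the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def triage(inventory):
    """inventory: mapping host -> version string. Returns hosts needing patching."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "automation-prod-1": "1.120.4",    # outside the range
    "automation-prod-2": "1.118.0",    # affected
    "automation-lab":    "v0.211.0",   # lower bound, affected
    "automation-legacy": "0.210.9",    # below the range
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: n8n {SAMPLE_INVENTORY[host]} is in the affected range")
```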
CVE-2025-68613 garnered significant attention in the underground, including from bot actors who often highlight notable vulnerabilities. We’ve observed multiple threat actors, including a possible ransomware operator, share links to an exploit from open source reporting.
We observed broad awareness of CVE-2025-68613 among potential attackers, and exploitation in the wild was confirmed. While successful exploitation requires authentication, which serves as a limiting factor, this barrier is not substantial: credentials may be obtained through open registration, brute forcing or credential stuffing, or the vulnerability may be exploited in conjunction with CVE-2026-21858 (aka ni8mare) to achieve initial access. This is further compounded by the high number of internet-exposed n8n instances, which significantly widens the attack surface. The availability of a public Metasploit module also lowers the technical barrier for exploitation, enabling less sophisticated threat actors to weaponize the vulnerability with minimal effort. These factors, combined with a CVSSv3.1 score of 9.9, suggest a medium likelihood of continued exploitation.
The Vulnerability Intelligence team proactively tracks the threat life cycles of vulnerabilities and exploit activity observed in the cyber underground, helping illuminate vulnerabilities at a greater risk of exploitation. Timely alerts help teams immediately see changes in a vulnerability's threat level, enabling decisive and prioritized remediation based on real and active threats.
The vulnerability was addressed in an n8n security advisory with updated versions. Intel 471 recommends monitoring for unexpected child process spawns originating from the n8n process, particularly those executing system commands such as “id” and “whoami” or executables that can act as payload downloaders such as wget and curl, as these are indicative of active exploitation attempts. Verity471 customers can access an available Sigma rule and Nuclei template.
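The detection recommendation above (child processes spawned from the n8n process that run “id”, “whoami”, “wget” or “curl”) can be checked against process-creation telemetry. The following is an added example, not Intel 471’s Sigma rule or any vendor’s query: it assumes a constructed JSON-lines event shape (pid, ppid, image, cmdline), that n8n runs under a node process whose command line names the n8n entrypoint, and it walks the parent chain so that the common node → sh -c → id shape is caught, not just direct children. The sample events are constructed.

```python
"""Flag suspicious commands whose ancestry leads back to an n8n (Node.js) process.

Added example, not a vendor rule. The event format is a constructed JSON-lines
shape; map your EDR or auditd fields onto pid/ppid/image/cmdline before use.
"""
import json
import os

# Commands the report names as indicative of exploitation when spawned by n8n.
SUSPICIOUS_COMMANDS = {"id", "whoami", "wget", "curl"}

# Constructed telemetry: node (n8n) -> sh -c id -> id, a direct curl child,
# and an unrelated interactive shell running whoami as benign noise.
SAMPLE_EVENTS = "\n".join([
    '{"pid": 100, "ppid": 1,   "image": "/usr/bin/node",   "cmdline": "node /usr/local/bin/n8n start"}',
    '{"pid": 101, "ppid": 100, "image": "/bin/sh",         "cmdline": "/bin/sh -c id"}',
    '{"pid": 102, "ppid": 101, "image": "/usr/bin/id",     "cmdline": "id"}',
    '{"pid": 103, "ppid": 100, "image": "/usr/bin/curl",   "cmdline": "curl http://example.invalid/x"}',
    '{"pid": 200, "ppid": 1,   "image": "/usr/bin/bash",   "cmdline": "bash"}',
    '{"pid": 201, "ppid": 200, "image": "/usr/bin/whoami", "cmdline": "whoami"}',
])


def parse_events(text):
    """Parse JSON-lines process-creation events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_n8n_process(event):
    # Assumption about the deployment: n8n runs as node with "n8n" on its command line.
    return os.path.basename(event["image"]) == "node" and "n8n" in event["cmdline"]


def descends_from_n8n(event, by_pid, max_depth=16):
    """Walk ppid links upward; True if any ancestor is the n8n process."""
    current = event
    for _ in range(max_depth):  # bounded in case of cyclic or reused pids
        parent = by_pid.get(current["ppid"])
        if parent is None:
            return False
        if is_n8n_process(parent):
            return True
        current = parent
    return False


def find_suspicious_spawns(text):
    """Return (pid, command, cmdline) for suspicious commands descending from n8n."""
    events = parse_events(text)
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for event in events:
        command = os.path.basename(event["image"])
        if command in SUSPICIOUS_COMMANDS and descends_from_n8n(event, by_pid):
            hits.append((event["pid"], command, event["cmdline"]))
    return hits


if __name__ == "__main__":
    for pid, command, cmdline in find_suspicious_spawns(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} {command} spawned under n8n: {cmdline}")
```

Because n8n legitimately spawns child processes for some nodes, tune the ancestor check and command list against a baseline of your own workflows before alerting on it; the whoami under an unrelated bash session above is intentionally not flagged.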
| Indicator Type | Indicator Value |
|---|---|
| IP address | 103.59.160.237 |
| IP address | 140.233.190.96 |
| IP address | 144.172.100.228 |
| IP address | 172.86.123.179 |
| IP address | 216.126.227.101 |
| Domain | 0bot.qzz.io |
| Domain | andro.notemacro.com/inihiddenngentod/zerobotv9 |
| Domain | pivot.notemacro.com/inihiddenngentod/zerobotv9 |
| SHA-256 | c8e8b627398ece071a3a148d6f38e46763dc534f9bfd967ebc8ac3479540111f |
| SHA-256 | 360467c3b733513c922b90d0e222067509df6481636926fa1786d0273169f4da |
| SHA-256 | cc1efbca0da739b7784d833e56a22063ec4719cd095b16e3e10f77efd4277e24 |
| SHA-256 | 045a1e42cb64e4aa91601f65a80ec5bd040ea4024c6d3b051cb1a6aa15d03b57 |
| SHA-256 | d024039824db6fe535ddd51bc81099c946871e4e280c48ed6e90dada79ccfcc7 |
| SHA-256 | deb70af83a9b3bb8f9424b709c3f6342d0c63aa10e7f8df43dd7a457bda8f060 |
| SHA-256 | 6e4e797262c80b9117aded5d25ff2752cd83abe631096b66e120cc3599a82e4e |
| SHA-256 | 2fdb2a092f71e4eba2a114364dc8044a7aa7f78b32658735c5375bf1e4e8ece3 |
| SHA-256 | 263a363e2483bf9fd9f915527f5b5255daa42bbfa1e606403169575d6555a58c |
| SHA-256 | d7112dd3220ccb0b3e757b006acf9b92af466a285bbb0674258bcc9ad463f616 |
