CVE-2025-62726

HIGH LAB

N8n < 1.113.0 - Remote Code Execution

Title source: rule

Description

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.

Exploits (3)

github WORKING POC 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-62726

View Code ZIP pw:eip

nomisec WORKING POC

by baktistr · poc

https://github.com/baktistr/cve-2025-62726-poc

View Code ZIP pw:eip

nomisec NO CODE

by Muzyli · poc

https://github.com/Muzyli/cve-2025-62726-malicious-repo

View Code ZIP pw:eip

References (3)

[Patch] https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997

[Issue Tracking] https://github.com/n8n-io/n8n/pull/19559

[Patch, Vendor Advisory] https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47

Scores

CVSS v3 8.8

EPSS 0.0013

EPSS Percentile 31.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull n8nio/n8n:1.112.0

https://github.com/baktistr/cve-2025-62726-poc

https://github.com/Muzyli/cve-2025-62726-malicious-repo

https://github.com/adminlove520/CVE-Poc_All_in_One

View in Library

Details

CWE

CWE-829

Status published

Products (2)

n8n/n8n < 1.113.0

npm/n8n 0 - 1.113.0npm

Published Oct 30, 2025

Tracked Since Feb 18, 2026