CVE-2025-61914
Stored XSS in n8n “Respond to Webhook” Node Enables JS Execution
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored Cross-Site Scripting (XSS) issue in the n8n workflow automation platform prior to version 1.114.0. It occurs when the “Respond to Webhook” node returns HTML content containing executable scripts. Instead of running these scripts in a sandboxed environment, they execute directly in the top-level window of the n8n editor interface. This allows a malicious user with workflow creation permissions to run arbitrary JavaScript code within the n8n editor.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with workflow creation permissions to execute arbitrary JavaScript code in the context of the n8n editor interface. This can lead to unauthorized actions such as stealing sensitive information, manipulating workflows, or compromising the integrity of the automation platform. It poses a high confidentiality and integrity risk but does not affect availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade n8n to version 1.114.0 or later. Additionally, restrict workflow creation and modification privileges to trusted users only, avoid using untrusted HTML responses in the "Respond to Webhook" node, and consider using an external reverse proxy or HTML sanitizer to filter responses that include executable scripts.