CVE-2025-65964
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | 0.123.1 |
| n8n | n8n | 1.119.2 |
| n8n | n8n | 1.119.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if your n8n instance is running a vulnerable version (0.123.1 through 1.119.1) and if workflows using the Git node are setting the Git configuration key 'core.hooksPath' to a non-default path that could point to malicious hooks. Since the vulnerability exploits the ability to set arbitrary Git config values, you can inspect Git configurations used by n8n workflows for suspicious 'core.hooksPath' values. Additionally, you can check if the environment variable 'N8N_GIT_NODE_ENABLE_HOOKS' is set to false (which disables hooks) or true (which allows hooks). Suggested commands include:

1. Listing Git configuration in the repository used by n8n workflows: `git config --list` to see if 'core.hooksPath' is set to an unusual directory.
2. Checking environment variables on the n8n host: `printenv | grep N8N_GIT_NODE_ENABLE_HOOKS` to verify if hooks are disabled.
3. Reviewing n8n workflow definitions for usage of the Git node and any 'Add Config' operations that set 'core.hooksPath'.

Since the vulnerability requires the ability to create or modify workflows, auditing workflow changes and Git node usage is important. Upgrading to version 1.119.2 or later is recommended to mitigate this issue. [2, 3]
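The three checks in the answer above can be scripted. The following is an added audit helper, not code from the BaseFortify page or from the n8n project: it scans an exported n8n workflow JSON for Git nodes whose 'Add Config' operation targets core.hooksPath, reports the state of N8N_GIT_NODE_ENABLE_HOOKS, and parses `git config --list` output for a repository-level core.hooksPath. The node type string `n8n-nodes-base.git`, the operation value `addConfig`, and the `key`/`value` parameter names are assumptions about the export format; the sample workflow and config listing are constructed.

```python
"""Audit helper for the CVE-2025-65964 detection checks (added example; assumed
n8n export field names, not the project's own code)."""
import json
import os
from typing import Dict, List, Mapping, Optional

# Assumed identifiers for the n8n Git node and its Add Config parameters.
GIT_NODE_TYPE = "n8n-nodes-base.git"
ADD_CONFIG_OP = "addConfig"
HOOKS_ENV = "N8N_GIT_NODE_ENABLE_HOOKS"


def find_hookspath_nodes(workflow: dict) -> List[Dict]:
    """Return Git nodes whose Add Config operation sets core.hooksPath."""
    hits = []
    for node in workflow.get("nodes", []):
        if node.get("type") != GIT_NODE_TYPE:
            continue
        params = node.get("parameters") or {}
        if params.get("operation") != ADD_CONFIG_OP:
            continue
        # Git config keys are case-insensitive, so normalise before comparing.
        key = str(params.get("key", "")).strip().lower()
        if key == "core.hookspath":
            hits.append({"node": node.get("name"), "value": params.get("value")})
    return hits


def hooks_state(env: Mapping[str, str]) -> str:
    """Report the hooks variable: 'disabled' (false), 'enabled' (true), 'unset', or 'unknown'."""
    raw = env.get(HOOKS_ENV)
    if raw is None:
        return "unset"
    normalised = raw.strip().lower()
    if normalised == "false":
        return "disabled"
    if normalised == "true":
        return "enabled"
    return "unknown"


def hookspath_from_git_config(listing: str) -> Optional[str]:
    """Parse `git config --list` output (git prints keys lowercased) and return core.hooksPath if set."""
    for line in listing.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "core.hookspath":
            return value.strip()
    return None


def audit(workflow: dict, env: Mapping[str, str], git_config_listing: str) -> Dict:
    """Combine the three checks into one report."""
    return {
        "hookspath_nodes": find_hookspath_nodes(workflow),
        "hooks_env": hooks_state(env),
        "repo_hookspath": hookspath_from_git_config(git_config_listing),
    }


# Constructed sample workflow export; the path value is a placeholder, not a real location.
SAMPLE_WORKFLOW = json.loads("""
{"name": "sample", "nodes": [
  {"name": "Set author", "type": "n8n-nodes-base.git",
   "parameters": {"operation": "addConfig", "key": "user.name", "value": "bot"}},
  {"name": "Set hooks path", "type": "n8n-nodes-base.git",
   "parameters": {"operation": "addConfig", "key": "core.hooksPath", "value": "<placeholder-path>"}},
  {"name": "Fetch", "type": "n8n-nodes-base.httpRequest", "parameters": {}}
]}
""")

# Constructed `git config --list` output for a repository touched by a workflow.
SAMPLE_GIT_CONFIG = (
    "core.repositoryformatversion=0\n"
    "core.hookspath=<placeholder-path>\n"
    "user.name=bot\n"
)

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_WORKFLOW, os.environ, SAMPLE_GIT_CONFIG), indent=2))
```

Run it against each exported workflow and the `git config --list` output of every repository the Git node touches; any entry under `hookspath_nodes` or a non-null `repo_hookspath` is a finding to review, and `hooks_env` other than `disabled` means hooks would run if such a path were set.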
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in n8n versions 0.123.1 through 1.119.1, where the Add Config operation in workflows allows setting arbitrary Git configuration values, including core.hooksPath. This can be exploited to point to a malicious Git hook that executes arbitrary commands on the n8n host during Git operations, leading to remote code execution (RCE). Exploitation requires the ability to create or modify an n8n workflow using the Git node. The issue is fixed in version 1.119.2.
How can this vulnerability impact me?
This vulnerability can lead to remote code execution on the n8n host, allowing an attacker to run arbitrary commands. This could compromise the system's integrity, confidentiality, and availability, potentially leading to unauthorized access, data theft, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade n8n to version 1.119.2 or later. As workarounds, exclude the Git Node from your workflows and avoid cloning or interacting with untrusted repositories using the Git Node.