What is the CVSS score of CVE-2025-68949?

CVE-2025-68949 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of N8n are affected by CVE-2025-68949?

Organizations using n8n should be aware of moderate risk from CVE-2025-68949 rated CVSS 5.3. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-68949?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

N8n CVE-2025-68949

MEDIUM

Use of Externally-Controlled Format String (CWE-134)

2026-01-13 security-advisories@github.com

GHSA-w96v-gf22-crwp

Code Injection N8n

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch released

Jan 16, 2026 - 18:47 nvd

Patch available

CVE Published

Jan 13, 2026 - 19:16 nvd

MEDIUM 5.3

DescriptionNVD

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured whitelist entry as a substring. This issue affected instances where workflow editors relied on IP-based access controls to restrict webhook access. Both IPv4 and IPv6 addresses were impacted. An attacker with a non-whitelisted IP could bypass restrictions if their IP shared a partial prefix with a trusted address, undermining the intended security boundary. This vulnerability is fixed in 2.2.0.

AnalysisAI

Technical ContextAI

Classified as CWE-134 (Use of Externally-Controlled Format String). Affects N8N. n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured whitelist entry as a substring. This issue affected instances where workflow editors relied on IP-based access controls to restrict webhook access. Both IPv4 and IPv6 addresses were impacted. An attacke

RemediationAI

A vendor patch is available — apply it immediately. Fixed in version 2.2.0.. Restrict network access to the affected service where possible.

CVE-2025-68949 vulnerability details – vuln.today

Back

N8n CVE-2025-68949

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code