CVE-2025-62726
Published: 30 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-62726 is a remote code execution vulnerability (CWE-829) in the Git Node component of n8n, an open source workflow automation platform. It affects both Cloud and Self-Hosted versions prior to 1.113.0. The flaw occurs when the Git Node clones a remote repository containing a malicious pre-commit hook, and a subsequent Commit operation triggers execution of that hook, allowing arbitrary code to run within the n8n environment.
Attackers with low privileges, such as authenticated users (PR:L), can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N). By hosting a malicious Git repository with a pre-commit hook, an attacker can entice a victim to clone it via the Git Node and then perform a commit, resulting in arbitrary code execution. This grants high confidentiality, integrity, and availability impact (CVSS 8.8), potentially compromising the n8n system, connected credentials, and workflows.
The vulnerability is addressed in n8n version 1.113.0. Mitigation details are available in the GitHub security advisory (GHSA-xgp7-7qjq-vg47), the fixing pull request (n8n-io/n8n/pull/19559), and the associated commit (n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997).
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote code execution by exploiting insecure execution of untrusted pre-commit hooks from remote Git repositories in the public-facing n8n workflow platform's Git Node.