28 matches found
n8n Node.js Package < 1.123.17 / 2.x < 2.5.2 Expression Escape Leading to RCE (CVE-2026-25049)
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.17, or 2.x prior to 2.5.2. It is, therefore, affected by a remote code execution vulnerability: - An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow...
CVE-2026-25049
creationtimestamp | type | source
---|---|---
2026-02-04 21:01:03+00:00 | seen | https://threatintel.cc/2026/02/04/critical-nn-flaws-disclosed-along.html
2026-02-04 21:23:59+00:00 | seen | https://infosec.exchange/users/DarkWebInformer/statuses/116014464225155765
2026-02-04 21:27:57+00:00 | seen |...
@0xlimao/n8n-nodes-ethereum (=0.1.1), @adhiraj2486/n8n-nodes-vigorus (=1.0.8) +699 more potentially affected by CVE-2025-68613 +1 more via n8n-workflow (>=1.0.0 <=1.120.3)
n8n-workflow NPM version =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.5.2, =1.0.1, =1.0.0, =0.1.1, =0.1.4 - @arwinho/n8n-nodes-oxxa =0.1.0 - @avisaapp/n8n-nodes-avisaapp =0.1.0 - @bergetai/n8n-nodes-all =1.1.0 and more Source cves: CVE-2025-68613, CVE-2026-25049 Source advisory:...
@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-25049 via n8n (>=0.138.0 <=0.93.0)
n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-25049 Source advisory: OSV:GHSA-6CQR-8CFR-67F8...
@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @a700/n8n-nodes-agent700 (>=1.0.5 <=1.0.7) +258 more potentially affected by CVE-2025-68613 +1 more via n8n-workflow (>=2.0.0-rc.0 <=2.3.0)
n8n-workflow NPM version =2.0.0-rc.0, =1.0.0, =1.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.2.2, =0.3.6, =0.1.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2025-68613, CVE-2026-25049 Source advisory: SNYK:JS-N8NWORKFLOW-15219713...
CVE-2026-25049
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...
CVE-2023-25049
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions...
CVE-2020-25049
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020)...
CVE-2019-25049
LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx)...
CVE-2025-25049
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused...
CVE-2023-25049
creationtimestamp | type | source
---|---|---
2023-04-07 16:28:06+00:00 | seen | https://t.me/cibsecurity/61665...
CVE-2023-25049
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions...
CVE-2023-25049 WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions...
CVE-2023-25049
CVE-2023-25049 affects the WordPress plugin “impleCode eCommerce Product Catalog Plugin for WordPress” (versions ≤ 3.3.4). The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) issue. Public sources in connected documents consistently describe the flaw as an XSS due to ...
SUSE CVE-2019-25049
LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx)...
WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: eCommerce Product Catalog
Type: Plugin
Vulnerable versions: <= 3.3.4
Fixed in: 3.3.5
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-25049
Patch priority: Low
CVSS severity: Low (5.9)
PSID: 0a25dfcf24b7
Credits: Abdi Pranata...
CVE-2018-25049
creationtimestamp | type | source
---|---|---
2022-12-27 12:28:02+00:00 | seen | https://t.me/cibsecurity/55390
2025-04-11 17:51:23+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/11482...
@essex/powerbi-visual-scripts (=1.1.0), @essex/visual-settings (>=1.0.0 <=3.0.0) +13 more potentially affected by CVE-2018-25049 via email-existence (>=0.1.2 <=0.1.6)
email-existence NPM version =0.1.2, =1.0.0, =1.0.0, =0.1.5, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.1, =1.0.0, =1.1.6, =1.2.4 Source cves: CVE-2018-25049 Source advisory: OSV:GHSA-P27H-4CPF-FW48...
CVE-2018-25049
The CVE-2018-25049 entry concerns the email-existence library, specifically the index.js component. The issue is described as an inefficient regular-expression complexity (regular expression denial of service) vulnerability, tied to how email length/validation is handled. The known patch is named...