9.4

CVSS Score

4.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-65964

CVE-2025-65964: n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can point to a malicious Git hook that executes arbitrary commands on the n8n host during subsequent Git operations. Exploitation requires the ability to create or modify an n8n workflow using the Git node. This issue is fixed in version 1.119.2. Workarounds include excluding the Git Node (Docs) and avoiding cloning or interacting with untrusted repositories using the Git Node.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-65964

CVE-2025-65964:

9.4

CVSS Score

4.0

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
n8n	npm	>= 0.123.1, < 1.119.2	1.119.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability allows for remote code execution in n8n's Git node. An attacker can create a workflow that uses the Git node's 'Add Config' operation to set the core.hooksPath configuration to a malicious script within the repository. Subsequent Git operations triggered by the node will then execute this script. The provided patch addresses this by introducing a new security setting, enableGitNodeHooks, which is disabled by default. The patch modifies the execute method in packages/nodes-base/nodes/Git/Git.node.ts. Specifically, it adds logic to push core.hooksPath=/dev/null to the git configuration if hooks are not explicitly enabled. This prevents the execution of any hooks. The vulnerable function is therefore Git.execute, as it is the function that processes the user-provided git configuration and executes git commands, making it the entry point for the exploit.

Vulnerable functions

Git.execute

packages/nodes-base/nodes/Git/Git.node.ts

The `execute` method in the `Git` class is vulnerable. Before the patch, this function would construct and use `gitOptions` with a `config` array that could be manipulated by a user. A user could supply a `core.hooksPath` configuration pointing to a malicious script. When `simple-git` is initialized with these options and executes a git command, the malicious hook would be triggered, leading to remote code execution. The patch mitigates this by adding a check that disables hooks by default by setting `core.hooksPath` to `/dev/null`.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-65964: n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

CVE-2025-65964:

9.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

9.4

9.4

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-65964: n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI