EXECUTIVE SUMMARY:
A newly discovered vulnerability CVE-2025-65964 in the open-source workflow automation platform n8n allows attackers to execute arbitrary code on the host system by abusing its Git integration. Through the Add Config operation of the Git node, a malicious workflow can set core.hooksPath to point to a directory containing a malicious Git hook. When the Git node next performs a Git operation, Git will automatically execute that hook as a local system command giving the attacker the ability to run arbitrary commands with the privileges of the n8n process. This makes the flaw exploitable if an attacker can create or modify a workflow using the Git node, which could lead to full system compromise, data breaches, disruption of automated processes, and downstream compromise of credentials or connected services. The vulnerability has a CVSS score of 9.4.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details: