CVE-2025-68613 is a CVSS 9.8 unauthenticated RCE in n8n’s workflow expression evaluation engine, confirmed actively exploited and listed in the CISA KEV catalog with a remediation deadline of 2026-03-25. Attackers can inject arbitrary code via crafted workflow expressions requiring no authentication on exposed deployments, enabling full server compromise, lateral movement, and data exfiltration. Patch immediately by identifying the fixed version via NVD or vendor advisories, isolate any internet-facing n8n instances behind a VPN or IP allowlist, and hunt for anomalous child processes and unexpected outbound connections from the n8n Node.js process.