CVE-2025-65964: any patched 1.123.x releases?

smlx · December 9, 2025, 4:04am

Describe the problem/error/question

The Security Advisory Remote Code Execution via Git Node Custom Pre-Commit Hook · Advisory · n8n-io/n8n · GitHub for CVE-2025-65964 is a little confusing. It is saying that only 1.119.2 is patched. Does that mean that there is no version of 1.123.x that is patched? What about 2.x? Are there plans to patch other release series?

Thanks for any clarity you can provide.

What is the error message (if any)?

n/a

Please share your workflow

n/a

Share the output returned by the last node

n/a

Information on your n8n setup

n/a

shortstacked · December 9, 2025, 10:40am

Hey @smlx ,
When we say that an issue was patched in “X” version. What we typically mean is patched in that version and then all minor/major versions going forward.

So that advisory doesn’t apply to 1.123.x or to 2.x.

I hope this helps.

smlx · December 9, 2025, 1:01pm

Never mind, this was totally just me misreading the numbers somehow. Sorry for the noise!