CVE Research
Detailed write-ups of specific CVEs. Includes technical analysis, root cause discussion, screenshots or PoC evidence when available, and controlled explanations of impact.


CVE-2025-68668: Breaking Out of the Python Sandbox in n8n
INTRODUCTION CVE-2025-68668 is a sandbox bypass vulnerability in n8n, an open source workflow automation platform widely used for internal tooling, integrations, and automation pipelines. The flaw affects n8n versions from 1.0.0 up to, but not including, 2.0.0, and allows an authenticated user with permission to create or modify workflows to execute arbitrary operating system commands on the host running n8n. At the center of this issue is the Python Code Node, which reli
Rhoda Smart
5 days ago · 18 min read


A Technical Analysis of CVE-2025-13915: Critical Authentication Bypass in IBM API Connect
Introduction CVE-2025-13915 is a critical authentication bypass vulnerability affecting IBM API Connect, an enterprise API management platform used by organizations to publish, manage, and secure APIs. The issue allows a remote attacker to access protected components without proper authentication, effectively skipping the login checks that should block unauthenticated requests. IBM rated the flaw 9.8 on the CVSS scale, which already shows how serious the impact can be in rea
Rhoda Smart
6 days ago · 11 min read