Post · bonfire.cafe

Post

anyone hosting on hetzner know why i would get a government message like this about security vulnerabilities in something i'm self-hosting? (i already updated the software even if it wasn't necessary)

i used @cloudron to install it but not sure if that matters

4 media

We have received a notification from the German Federal Office for Information Security (BSI) for (the IP address of) a server you have with us. We are automatically forwarding this notification on to you, for your information.
The original report has been included below. Additional information is provided with the how-to guides referenced in the report. Please note that we do not have any further information to share.
These notifications do not mean your server was involved in any abusive activity.
They are simply alerting you to a potential issue on your server, that could be exploited, and that is usually fairly easy to secure.
You do not need to send us, or the BSl, a response.
In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report — We have received a notification from the German Federal Office for Information Security (BSI) for (the IP address of) a server you have with us. We are automatically forwarding this notification on to you, for your information. The original report has been included below. Additional information is provided with the how-to guides referenced in the report. Please note that we do not have any further information to share. These notifications do not mean your server was involved in any abusive activity. They are simply alerting you to a potential issue on your server, that could be exploited, and that is usually fairly easy to secure. You do not need to send us, or the BSl, a response. In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report

Dear Sir or Madam,
n8n is an open-source workflow automation platform.
Multiple Critical vulnerabilities in n8n can be exploited by remote attackers to expose sensitive information or execute arbitrary code,
potentially resulting in a full system compromise.
All supported versions prior to 2.0.0 are affected.
Users should update n8n to a current version as soon as possible.
Additional information provided by the vendor:
CVE-2025-68613
https://github.com/n8n-io/n8n/security/.
advisories/GHSA-v98v-ff95-f3cp — Dear Sir or Madam, n8n is an open-source workflow automation platform. Multiple Critical vulnerabilities in n8n can be exploited by remote attackers to expose sensitive information or execute arbitrary code, potentially resulting in a full system compromise. All supported versions prior to 2.0.0 are affected. Users should update n8n to a current version as soon as possible. Additional information provided by the vendor: CVE-2025-68613 https://github.com/n8n-io/n8n/security/. advisories/GHSA-v98v-ff95-f3cp

Please find below a list of IP addresses of n8n systems on your networks
found to be running a version still affected by one or more of these
vulnerabilities. All timestamps are UTC.
We would like to ask you to take appropriate steps to secure affected systems
or notify your customers accordingly.
This message is digitally signed using
PGP.
Information on the signature key is available at:
<https://reports.cert-bund.de/en/digital-
signature>
Please note:
This is an automatically generated message. Replies to the
sender address <reports@reports.cert-bund.de> will NOT be read
but silently be discarded. — Please find below a list of IP addresses of n8n systems on your networks found to be running a version still affected by one or more of these vulnerabilities. All timestamps are UTC. We would like to ask you to take appropriate steps to secure affected systems or notify your customers accordingly. This message is digitally signed using PGP. Information on the signature key is available at: <https://reports.cert-bund.de/en/digital- signature> Please note: This is an automatically generated message. Replies to the sender address <reports@reports.cert-bund.de> will NOT be read but silently be discarded.

In case of questions, please contact <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...] of this message in the subject line.
Affected systems on your network:
Format: ASN | IP | Timestamp (UTC) | Port | Version | Status | Cve
24940 | ip address redacted | 2026-01-13
19:36:38 | 443 | 1.123.7 | vulnerable |
cve-2025-68668

Mit freundlichen Grüßen / Kind regards
Team CERT-Bund
Bundesamt für Sicherheit in der
Informationstechnik
Federal Office for Information Security (BSI)
CERT-Bund
Godesberger Allee 87, 53175 Bonn, Germany. — In case of questions, please contact <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...] of this message in the subject line. Affected systems on your network: Format: ASN | IP | Timestamp (UTC) | Port | Version | Status | Cve 24940 | ip address redacted | 2026-01-13 19:36:38 | 443 | 1.123.7 | vulnerable | cve-2025-68668 Mit freundlichen Grüßen / Kind regards Team CERT-Bund Bundesamt für Sicherheit in der Informationstechnik Federal Office for Information Security (BSI) CERT-Bund Godesberger Allee 87, 53175 Bonn, Germany.

cloudron

@cloudron@social.cloudron.io replied · 2 days ago

@rosano maybe just a friendly reminder, although would be interesting to know how they figured out, that you are running n8n via #cloudron there. But it seems they didn't actually check the version to see if your deployment is vulnerable.

However, just to be sure, if you are on latest #n8n package via Cloudron you are fine.

Rosano

@rosano@mastodon.online replied · 2 days ago

@cloudron they don't mention cloudron, but even so not sure how they know what i install 🤔

Vít Skalický :fedora:

@vitSkalicky@fosstodon.org replied · 2 days ago

@rosano I guess they are just telling you to really make sure you have updated your n8n. There has been a very bad vuln in it.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-beta.35 no JS en

Automatic federation enabled