Dec 23, 2025Ravie LakshmananVulnerability / Workflow Automation
A essential safety vulnerability has been disclosed within the n8n workflow automation platform that, if efficiently exploited, might lead to arbitrary code execution below sure circumstances.
The vulnerability, tracked as CVE-2025-68613, carries a CVSS rating of 9.9 out of a most of 10.0. The bundle has about 57,000 weekly downloads, based on statistics on npm.
“Underneath sure circumstances, expressions equipped by authenticated customers throughout workflow configuration could also be evaluated in an execution context that’s not sufficiently remoted from the underlying runtime,” the maintainers of the npm bundle stated.
“An authenticated attacker might abuse this conduct to execute arbitrary code with the privileges of the n8n course of. Profitable exploitation might result in full compromise of the affected occasion, together with unauthorized entry to delicate knowledge, modification of workflows, and execution of system-level operations.”
The difficulty, which impacts all variations together with and better than 0.211.0 and beneath 1.120.4, has been patched in 1.120.4, 1.121.1, and 1.122.0. Per the assault floor administration platform Censys, there are 103,476 doubtlessly weak cases as of December 22, 2025. A majority of the cases are situated within the U.S., Germany, France, Brazil, and Singapore.
In mild of the criticality of the flaw, customers are suggested to use the updates as quickly as doable. If fast patching isn’t an possibility, it is suggested to restrict workflow creation and enhancing permissions to trusted customers and deploy n8n in a hardened surroundings with restricted working system privileges and community entry to mitigate the chance.
