A critical security vulnerability has been revealed in the n8n workflow automation platform. The flaw, if successfully exploited, could result in arbitrary code execution under certain circumstances.
The vulnerability, tracked as CVE-2025-68613, has a CVSS score of 9.9 out of 10.0, underscoring its severity. According to npm statistics, the n8n package records approximately 57,000 weekly downloads.
Vulnerability and Impact Details
The maintainers of the npm package stated that “under certain conditions, expressions provided by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.”
An authenticated attacker could exploit this behavior to execute arbitrary code with the privileges of the n8n process. A successful exploit can lead to full compromise of the affected instance, including:
- Unauthorized access to sensitive data.
- Modification of workflows.
- Execution of operations at the system level.
Extent of Exposure and Recommended Mitigations
The vulnerability affects all versions of n8n from 0.211.0 to 1.120.3.
According to attack surface management platform Censys, as of December 22, 2025, there were 103,476 potentially vulnerable instances exposed online. Most of these instances are located in the United States, Germany, France, Brazil and Singapore.
Patches and Solutions:
- Available patches: The vulnerability has been fixed in versions 1.120.4, 1.121.1 and 1.122.0.
Safety Recommendations:
Given the criticality of the flaw, users are advised to apply updates as soon as possible. If immediate patching is not feasible, it is recommended:
- Limit workflow creation and editing permissions to only trusted users.
- Deploy n8n in a hardened environment with restricted operating system privileges and limited network access to mitigate the risk of exploitation.
References
- CVE-2025-68613