A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could lead to arbitrary code execution under certain circumstances.
This vulnerability is tracked as CVE-2025-68613 and has a CVSS score of 9.9 out of a maximum of 10.0. According to npm statistics, this package is downloaded approximately 57,000 times each week.
“Under certain conditions, expressions provided by an authenticated user during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime,” the npm package maintainer said.
“An authenticated attacker could exploit this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to complete compromise of an affected instance, including gaining unauthorized access to sensitive data, modifying workflows, or performing system-level operations.”
This issue affects all versions including 0.211.0 and above and below 1.120.4 and was patched in 1.120.4, 1.121.1, and 1.122.0. According to attack surface management platform Censys, as of December 22, 2025, there were 103,476 potentially vulnerable instances. The majority of instances are located in the United States, Germany, France, Brazil, and Singapore.
Given the severity of the flaw, users are advised to apply the update as soon as possible. If immediate patching is not possible, we recommend restricting workflow creation and editing privileges to trusted users and deploying n8n in a hardened environment with limited operating system permissions and network access to reduce risk.
Source link
