A critical remote code execution vulnerability has been uncovered within the popular n8n open-source workflow automation platform, posing an immediate and severe threat to a vast number of installations. Identified as CVE-2025-68613, the flaw carries a near-perfect CVSS severity score of 9.9, reflecting the ease of exploitation and the potential for complete system compromise. With over 100,000 servers potentially affected, a significant portion of which are located in the United States, the urgency for administrators to take action cannot be overstated. The situation is further compounded by the public availability of proof-of-concept code, which effectively provides a roadmap for malicious actors to exploit this weakness. The vulnerability allows an authenticated attacker, even one with minimal permissions to create or edit workflows, to execute arbitrary code on the underlying server, creating a direct path to data theft, operational disruption, and further network infiltration.
Deconstructing the Exploitation Pathway
The technical foundation of this vulnerability lies in an insufficient isolation of the execution context for user-supplied JavaScript expressions within n8n workflows. When a user embeds a JavaScript expression wrapped in {{ }}, the platform evaluates it on the server-side using Node.js. The critical mistake in affected versions is that this evaluation process fails to properly sandbox the code, granting it access to the global this context of the Node.js environment. This oversight is the key that unlocks the server for an attacker. A low-privileged user can leverage this access to call powerful, built-in Node.js objects, such as process, and subsequently load dangerous modules like child_process. By doing so, they can execute arbitrary system commands with the same privileges as the n8n server process itself. The attack surface is broad, as this flaw can be exploited through both the user-friendly web-based workflow editor and programmatically via the platform’s REST API endpoints, making it a versatile tool for a determined adversary.
Mitigation and a Path Forward
Successful exploitation of this flaw could have led to a full server compromise, enabling attackers to steal sensitive credentials, manipulate other critical workflows, or use the server as a launchpad for further attacks within a network. In response to this significant threat, the n8n development team issued patched versions 1.120.4, 1.121.1, and 1.122.0. These updates addressed the root cause by properly isolating the expression execution context and revoking access to the global this object, effectively closing the door on this attack vector. The primary and most urgent recommendation for all organizations using n8n versions 0.211.0 and later was to upgrade to a patched version immediately. For those unable to apply the patch right away, temporary mitigations involved a strict review of user permissions, limiting the ability to create or edit workflows to only the most trusted administrators. Deploying n8n in a hardened, least-privilege environment was also advised. However, these measures were only considered short-term workarounds, as a prompt update provided the only definitive solution to fully eliminate the risk.
