Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution
These articles are AI-generated summaries. Please check the original sources for full details.
The n8n workflow automation platform suffers from a critical vulnerability (CVE-2025-68613) with a CVSS score of 9.9, potentially allowing authenticated users to execute arbitrary code. This flaw impacts versions 0.211.0 through 1.120.4, and has been addressed in releases 1.120.4, 1.121.1, and 1.122.0.
Why This Matters
Workflow automation tools simplify complex tasks, but they typically do so by evaluating user-supplied expressions. In principle, these expressions run in a sandboxed environment; when isolation is insufficient, the underlying system is exposed to the expression author. This vulnerability demonstrates the risk of such gaps in isolation, potentially leading to full system compromise, with over 103,000 vulnerable instances detected as of December 22, 2025.
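The design point above is that an expression evaluator which executes user input as code must be isolated, while one that treats expressions as data paths has nothing to escape from. The following is an added illustration, not n8n's code: a resolver for `{{ $json.path.to.field }}` placeholders that never evaluates the expression, accepts only dotted identifier paths, and refuses prototype-chain segments (the `$json` root mirrors n8n's naming, but the grammar and sample item are assumptions).

```javascript
// Added example (not n8n's code): a data-only resolver for
// {{ $json.path.to.field }} placeholders. The expression is parsed as a
// field path and never evaluated as code, so no sandbox is involved.

// Constructed sample input standing in for one workflow item.
const SAMPLE_ITEM = {
  json: { customer: { name: "Ada", email: "ada@example.test" }, total: 42 },
};

// Only dotted identifier paths rooted at $json are accepted; anything else
// (function calls, operators, other globals) is rejected before lookup.
const PATH_RE = /^\$json((?:\.[A-Za-z_][A-Za-z0-9_]*)+)$/;

// Segments that would walk into the prototype chain are refused outright.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);

function resolvePath(item, expr) {
  const m = PATH_RE.exec(expr.trim());
  if (!m) throw new Error(`rejected expression: ${expr}`);
  let cur = item.json;
  for (const seg of m[1].slice(1).split(".")) {
    // Only own properties of plain data objects are reachable.
    if (cur === null || typeof cur !== "object") {
      throw new Error(`cannot descend into non-object at: ${seg}`);
    }
    if (FORBIDDEN.has(seg) || !Object.prototype.hasOwnProperty.call(cur, seg)) {
      throw new Error(`unknown field: ${seg}`);
    }
    cur = cur[seg];
  }
  return cur;
}

// Replace every {{ ... }} placeholder in a template with the resolved value.
function renderTemplate(template, item) {
  return template.replace(/\{\{([^}]*)\}\}/g, (_, expr) =>
    String(resolvePath(item, expr))
  );
}
```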
Key Insights
- CVE-2025-68613, December 2025: A critical remote code execution vulnerability affecting n8n.
- Expression Evaluation: The vulnerability arises from inadequate isolation during expression evaluation within workflows.
- Censys Data: As of December 22, 2025, Censys identified 103,476 potentially vulnerable n8n instances.
Practical Applications
- Use Case: Companies using n8n for automating business processes like data synchronization or lead management could be compromised if workflows are exploited.
- Pitfall: Relying on default configurations without proper security hardening can leave workflow automation platforms vulnerable to code execution attacks.