top of page
Search

New Title: Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

  • Dec 23, 2025
  • 2 min read

Key Findings


  • A critical security vulnerability (CVE-2025-68613) with a CVSS score of 9.9 has been discovered in the n8n workflow automation platform.

  • The flaw could enable arbitrary code execution under certain circumstances, potentially leading to a full compromise of the affected instances.

  • The vulnerability affects all versions of n8n from 0.211.0 and below 1.120.4, and has been patched in versions 1.120.4, 1.121.1, and 1.122.0.

  • According to Censys, there are 103,476 potentially vulnerable instances as of December 22, 2025, with a majority located in the U.S., Germany, France, Brazil, and Singapore.


Background


n8n is a popular open-source, low-code, workflow automation platform that enables users to create and connect various applications and services. It has around 57,000 weekly downloads on npm and is widely used by organizations to streamline their business processes.


Vulnerability Details


The vulnerability, dubbed CVE-2025-68613, is caused by insufficient isolation of the execution context for expressions supplied by authenticated users during workflow configuration. An attacker could potentially abuse this behavior to execute arbitrary code with the privileges of the n8n process.


Potential Impact


Successful exploitation of this vulnerability could lead to a full compromise of the affected n8n instances, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.


Mitigations and Recommendations


  • Users are advised to update to versions 1.120.4, 1.121.1, or 1.122.0, which contain the fix for this vulnerability.

  • If immediate patching is not possible, it's recommended to limit workflow creation and editing permissions to trusted users, and deploy n8n in a hardened environment with restricted operating system privileges and network access to mitigate the risk.


Conclusion


The discovery of this critical vulnerability in the widely used n8n workflow automation platform highlights the importance of maintaining secure software practices and keeping systems up-to-date. Users are strongly encouraged to implement the recommended mitigations as soon as possible to protect their systems and data from potential exploitation.


Sources


  • https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html

  • https://www.threads.com/@thehackernews/post/DSmRHM1D8U9/alert-a-critical-rce-flaw-cvss-was-found-in-the-n-n-workflow-automation

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page