A serious security flaw in n8n, a widely used open-source automation platform, has raised alarms across the tech community. With over 103,000 instances potentially affected, this critical vulnerability, identified as CVE-2025-68613, allows for remote code execution (RCE) attacks that could compromise entire systems.
"This vulnerability has a CVSS severity score of 9.9, indicating it's crucial for users to take immediate action," said a cybersecurity analyst from SecureLayer7. Disclosed on December 19, 2025, it highlights significant risks associated with insufficient isolation within n8n’s workflow expression evaluation process.
The flaw permits authenticated users to input malicious expressions during their workflow configurations, inadvertently bypassing the system's execution context safeguards. This oversight enables attackers to execute arbitrary code within n8n’s operational environment – a move that could lead to unauthorized access to sensitive data and complete system takeovers.
"Successful exploitation could allow attackers not only to manipulate workflows but also to command system operations directly, essentially compromising the whole automation infrastructure," explained a spokesperson for n8n. The affected versions range from 0.211.0 to earlier versions of 1.122.x, emphasizing a wide reach that could affect numerous organizations relying on the platform for automation.
"Successful exploitation could allow attackers not only to manipulate workflows but also to command system operations directly, essentially compromising the whole automation infrastructure,"
While SecureLayer7 has already prepared proof-of-concept (PoC) code to illustrate the vulnerability, fortunately, active exploits have not yet been reported. However, the need for vigilance remains high, particularly given that exploitation requires valid authentication credentials. "This authenticated attack means organizations with broad access permissions could be at even greater risk," cautioned the SecureLayer7 analyst.
"This authenticated attack means organizations with broad access permissions could be at even greater risk,"
In response to this critical situation, n8n has released patched versions: 1.120.4, 1.121.1, and 1.122.0 and later. The company has strongly urged all users to upgrade their systems immediately to these versions to mitigate potential attacks. "Organizations must prioritize addressing this vulnerability to shield their data and infrastructure from potential breaches," stated the n8n spokesperson.
"Organizations must prioritize addressing this vulnerability to shield their data and infrastructure from potential breaches,"
Looking Ahead
Looking Ahead
Looking Ahead
As the cybersecurity landscape continues to evolve, the ripple effects of this vulnerability could be profound. The need for robust security practices, particularly in automation tools where operations can be significantly impacted, cannot be overstated. Organizations that rely on n8n must act swiftly to protect their assets from this and future vulnerabilities, as the technology increasingly underpins essential business processes.