What's Happening?
A significant security vulnerability has been identified in the n8n workflow automation platform, potentially allowing arbitrary code execution. This flaw, designated as CVE-2025-68613, has been assigned a CVSS score of 9.9, indicating its severity. The vulnerability affects versions from 0.211.0 to below 1.120.4, with over 103,000 instances potentially at risk globally, including a substantial number in the U.S. The issue arises from expressions provided by authenticated users during workflow configuration, which may be executed in a context not isolated from the runtime. This could enable attackers to execute arbitrary code with the same privileges as the n8n process, leading to unauthorized data access and system-level operations. The vulnerability has been addressed
in versions 1.120.4, 1.121.1, and 1.122.0, and users are urged to update immediately.
Why It's Important?
The discovery of this vulnerability is critical as it affects a widely used automation platform, potentially compromising sensitive data and operations across numerous industries. With a high number of instances located in the U.S., the flaw poses a significant risk to businesses relying on n8n for workflow automation. The ability for attackers to execute arbitrary code could lead to data breaches, operational disruptions, and financial losses. This situation underscores the importance of robust security measures and timely updates in software management to protect against such vulnerabilities.
What's Next?
Users of the n8n platform are advised to apply the latest patches immediately to mitigate the risk. For those unable to update promptly, it is recommended to restrict workflow creation and editing permissions to trusted users and to deploy n8n in a secure environment with limited operating system privileges and network access. This proactive approach can help reduce the potential impact of the vulnerability while ensuring continued operational security.
