A Critical Security Flaw in n8n Workflow Automation Platform: A Potential Disaster for Thousands of Instances
A critical security vulnerability has been uncovered in the n8n workflow automation platform, posing a significant threat to its users. This flaw, with a CVSS score of 9.9, could lead to arbitrary code execution if exploited, potentially compromising the security of thousands of instances.
The vulnerability, identified as CVE-2025-68613, affects all versions of n8n, including those above 0.211.0 and below 1.120.4. It arises from the way expressions supplied by authenticated users during workflow configuration are evaluated in an execution context that lacks sufficient isolation from the underlying runtime.
If exploited, this vulnerability could enable an authenticated attacker to execute arbitrary code with the privileges of the n8n process. This could result in full compromise of the affected instance, granting unauthorized access to sensitive data, the ability to modify workflows, and execute system-level operations.
As of December 22, 2025, Censys reports that there are 103,476 potentially vulnerable instances worldwide, with a majority located in the U.S., Germany, France, Brazil, and Singapore. This widespread exposure highlights the urgency of addressing this issue.
To mitigate the risk, users are advised to apply updates as soon as possible. If immediate patching is not feasible, it's crucial to restrict workflow creation and editing permissions to trusted users and deploy n8n in a hardened environment with limited operating system privileges and network access.
This critical flaw serves as a stark reminder of the importance of keeping software up-to-date and implementing robust security measures. Users are encouraged to stay vigilant and take proactive steps to protect their systems from potential threats.
