Critical n8n Vulnerability (CVE-2025-68613): What You Need to Know and How to Protect Your Systems

Your favorite workflow automation platform may be be the very door that lets attackers into your systems thanks to a new exploit targeting n8n servers. This unsettling scenario is now a reality for many users of n8n, the widely used open-source automation tool, after a critical security flaw, scoring 9.9 out of 10 on the CVSS scale, was publicly disclosed.

Unpacking the Vulnerability

Security researcher Fatih Çelik identified and reported a major bug, cataloged as CVE-2025-68613, affecting n8n. The flaw allows authenticated users to execute arbitrary code on the host machine when certain conditions are met. The root problem lies in how n8n evaluates user-supplied expressions inside workflow configurations. Insufficient isolation during this process enables attackers to exploit the weakness, potentially giving them control over the entire instance.

How Widespread Is the Threat?

With more than 57,000 weekly downloads, n8n's popularity makes this vulnerability especially alarming. A Censys scan found over 103,000 potentially exposed instances worldwide as of December 22, 2025, with the highest concentrations in the U.S., Germany, France, Brazil, and Singapore. If exploited, attackers could:

• Run arbitrary code with the same privileges as the n8n process
• Take over the n8n instance entirely
• Steal or exfiltrate sensitive information
• Alter or disrupt automated workflows
• Perform unauthorized actions at the system level

Who Should Be Concerned?

This vulnerability impacts all n8n versions from 0.211.0 up to, but not including, 1.120.4. Organizations running unpatched instances, especially those exposed to the internet or with permissive access controls, are at the greatest risk. While successful exploitation requires authentication, attackers can often obtain credentials through weak security measures or social engineering tactics.

Recommended Actions and Mitigations

n8n’s maintainers responded quickly, releasing patches in versions 1.120.4, 1.121.1, and 1.122.0. If you manage an n8n deployment, update immediately to a patched version. If immediate patching isn’t possible, consider these measures:

• Limit workflow creation and editing rights to trusted users only
• Deploy n8n in a secure environment with minimal system and network privileges
• Monitor for suspicious activity and regularly review audit logs

Lessons for Security-Conscious Organizations

This incident serves as a crucial reminder: even trusted open-source automation solutions can harbor severe vulnerabilities. Staying secure means prioritizing timely updates, enforcing strict permission controls, and applying robust network segmentation. Ignoring these basics can result in total system compromise, data loss, and disruption of essential business processes.

Final Takeaways

The n8n vulnerability demonstrates why proactive security management is essential in today’s fast-paced IT environments. Whether you operate a single n8n instance or oversee a large-scale automation deployment, take immediate steps to secure your infrastructure and minimize risk. Don’t let ease of automation become your organization’s weak point.

Source: The Hacker News