547/68 Thursday, December 25, 2025
Cybersecurity researchers have disclosed a critical vulnerability in the n8n workflow automation platform, tracked as CVE-2025-68613, with a CVSS score of 9.9 (Critical). Under certain conditions, this vulnerability could allow an attacker to execute arbitrary code on affected systems. n8n is a widely used workflow automation platform, with approximately 57,000 weekly downloads from npm, and is extensively deployed across technology-focused organizations.
The vulnerability stems from improper handling of workflow expression evaluation, where the execution context is not adequately isolated from the runtime environment. As a result, an authenticated user can exploit this flaw to execute code with the same privileges as the n8n service. Successful exploitation could lead to full system compromise, unauthorized access to sensitive data, manipulation of workflows, and execution of operating system–level commands.
The n8n development team has released patches in versions 1.120.4, 1.121.1, and 1.122.0, and strongly recommends users upgrade immediately. If upgrading is not yet possible, organizations should restrict workflow creation and modification privileges to trusted users only and implement additional security controls. According to Censys, more than 100,000 potentially vulnerable n8n instances have been identified worldwide, underscoring the urgency of addressing this issue as soon as possible.
