CVE-2025-68613
Critical Remote Code Execution in n8n Workflow Expression Evaluation
Publication date: 2025-12-19
Last updated on: 2026-03-11
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | From 0.211.0 (inc) to 1.120.4 (exc) |
| n8n | n8n | 1.121.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-913 | The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical Remote Code Execution (RCE) issue in the n8n workflow automation platform. It occurs in versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. Authenticated users can supply expressions during workflow configuration that may be evaluated in an execution context not sufficiently isolated from the underlying runtime. This allows an attacker to execute arbitrary code with the privileges of the n8n process.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to full compromise of the affected n8n instance. An attacker could gain unauthorized access to sensitive data, modify workflows, and execute system-level operations, potentially causing severe damage to the system and its data.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading n8n to a patched version (1.120.4, 1.121.1, or 1.122.0) which contains fixes and additional safeguards. If upgrading is not immediately possible, limit workflow creation and editing permissions to fully trusted users only, and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These are temporary measures and do not fully eliminate the risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an authenticated attacker to execute arbitrary code with the privileges of the n8n process, potentially leading to unauthorized access to sensitive data and modification of workflows. This could result in violations of data protection standards and regulations such as GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access and ensuring system integrity. Therefore, exploitation of this vulnerability may negatively impact compliance with these standards.