CVE-2025-71380

Execute Command Node Arbitrary Command Execution in n8n

Vulnerability report for CVE-2025-71380, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulnCheck

Description

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise.


Meta Information

Generated: 2026-07-04
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor: n8n-io
Product: n8n
Version / Range: versions before 1.114.5 (1.114.5 itself is not affected)

CWE

CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Executive Summary

The vulnerability in n8n involves the Execute Command node, which allows authenticated users to run arbitrary commands on the host system where n8n is deployed.

This occurs due to improper access control, meaning the node does not sufficiently restrict command execution to authorized users only.

As a result, attackers with user access or compromised credentials can exploit this node to execute malicious commands.

Impact Analysis

Exploitation of this vulnerability can lead to serious impacts including data exfiltration, service disruption, or complete system compromise.

Malicious commands executed by attackers could result in data breaches, loss of system integrity, and unavailability of services.

Mitigation Strategies

To mitigate this vulnerability, administrators are advised to disable the Execute Command node by default.

This can be done by setting the environment variable NODES_EXCLUDE to exclude the Execute Command node.

Additionally, strict control of user accounts and limiting access to trusted users can help reduce the risk of exploitation.
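The mitigation above names the NODES_EXCLUDE environment variable but not its format. The following POSIX shell snippet is an added example, not part of this record or of the n8n project: it shows the value an administrator would set and a small check that audits a running instance's environment for it. It assumes that NODES_EXCLUDE takes a JSON array of node type names and that the Execute Command node's internal type name is n8n-nodes-base.executeCommand; both should be confirmed against the n8n documentation for the deployed version.

```shell
#!/bin/sh
# Added example (not from the CVE record or the n8n project): verify that an n8n
# deployment's environment excludes the Execute Command node via NODES_EXCLUDE.
# Assumption: the node's internal type name is "n8n-nodes-base.executeCommand"
# and NODES_EXCLUDE is a JSON array of such names; confirm against n8n's docs.
EXEC_CMD_NODE="n8n-nodes-base.executeCommand"

# Value to set on every n8n process (main instance and any workers) so the node
# cannot be added to or run in workflows.
RECOMMENDED_NODES_EXCLUDE='["n8n-nodes-base.executeCommand"]'

# exec_cmd_node_excluded VALUE
# Returns 0 when VALUE (a NODES_EXCLUDE string) lists the Execute Command node,
# 1 otherwise (unset, empty, or a list that omits it). The node name is matched
# together with its surrounding JSON quotes so a prefix such as
# "n8n-nodes-base.executeCommandX" would not count as a match.
exec_cmd_node_excluded() {
    value="$1"
    case "$value" in
        *"\"$EXEC_CMD_NODE\""*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_env
# Reads NODES_EXCLUDE from the current environment and prints a verdict.
# Returns 0 when the node is excluded, 1 when it is not.
audit_env() {
    if exec_cmd_node_excluded "${NODES_EXCLUDE:-}"; then
        echo "OK: Execute Command node is excluded (NODES_EXCLUDE=${NODES_EXCLUDE})"
        return 0
    fi
    echo "WARN: Execute Command node is NOT excluded."
    echo "      Set NODES_EXCLUDE='${RECOMMENDED_NODES_EXCLUDE}' on every n8n instance."
    return 1
}

# Usage: run inside the n8n container or service environment, e.g.
#   sh check_n8n_exec_node.sh
# A non-zero exit signals that the node is still available.
# audit_env
```

The check inspects only the environment it runs in, so it must be executed where n8n actually runs (for example via the container runtime's exec facility); a value set on the main instance alone does not cover separately started worker processes.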

Compliance Impact

This vulnerability allows authenticated users or attackers with compromised credentials to execute arbitrary commands on the host system, potentially leading to data breaches, service disruptions, or full system compromise.

Such impacts can result in unauthorized access to sensitive data, which may violate data protection regulations like GDPR and HIPAA that require strict controls to protect confidentiality, integrity, and availability of personal and health information.

Therefore, organizations using affected versions of n8n with the Execute Command node enabled may face compliance risks if this vulnerability is exploited, as it undermines the security controls mandated by these standards.
