PT-2025-52530 · N8N · N8N

Fatihhcelik · Published 2025-12-19 · Updated 2025-12-22 · CVE-2025-68613

CVSS v3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Product: n8n

Affected Versions
- n8n versions 0.211.0 through 1.120.4
- n8n version 1.121.0
- n8n versions prior to 1.120.4, 1.121.1, and 1.122.0
Description

n8n, an open source workflow automation platform, contains a critical Remote Code Execution (RCE) issue in its workflow expression evaluation system. An authenticated attacker can supply malicious expressions during workflow configuration; these expressions are evaluated in an insufficiently isolated context, allowing the attacker to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to a full system compromise, including unauthorized data access, workflow modification, and system-level operations. Over 900,000 n8n services are reportedly exposed on the internet, many with default configurations.

The root cause is insufficient control over dynamically managed code resources: the expression sandbox does not adequately contain the code it evaluates. As a result, any authenticated user with workflow edit permissions can inject expressions that escape the sandbox and execute code on the server. The Set node is specifically mentioned as a potential entry point for exploitation.
Recommendations
- Upgrade to n8n version 1.120.4
- Upgrade to n8n version 1.121.1
- Upgrade to n8n version 1.122.0
- Limit workflow creation and editing permissions to fully trusted users only
- Deploy n8n in a hardened environment with restricted operating system privileges and network access
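The first three recommendations reduce to a version check, and in a fleet that check is worth scripting rather than eyeballing. The following is an added example written for this page; it is not code from the advisory or from the n8n project. It encodes the affected ranges as this script's reading of the advisory: every release from 0.211.0 up to, but not including, the first fixed release of each line (1.120.4 and 1.121.1), with 1.122.0 and later fixed. That reading, the hostnames and the version inventory are all constructed assumptions; confirm the boundaries against the vendor's release notes before acting on the output.

```python
"""Triage n8n instances against the version ranges in this advisory (CVE-2025-68613).

Added example, not advisory or n8n project code. The ranges below are an
interpretation of the advisory's affected/fixed versions and should be
verified against the vendor's release notes (assumption).
"""
from __future__ import annotations

import re
from typing import Iterable

# Half-open intervals (first_affected <= v < first_fixed), one per release line.
# Assumption: the listed fix versions are the exact boundaries of the affected ranges.
AFFECTED_RANGES = (
    ((0, 211, 0), (1, 120, 4)),  # 0.211.0 .. 1.120.3, fixed in 1.120.4
    ((1, 121, 0), (1, 121, 1)),  # 1.121.0, fixed in 1.121.1
)

# MAJOR.MINOR.PATCH with an optional leading 'v' and an optional pre-release/build suffix.
# Pre-release suffixes are ignored, so 1.121.0-rc.1 is treated like 1.121.0 (conservative).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse an n8n version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the affected ranges above."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = """\
n8n-prod-01 version=1.120.3
n8n-prod-02 version=1.120.4
n8n-dev-01  version=1.121.0
n8n-dev-02  version=1.122.0
n8n-lab-01  version=0.210.9
n8n-lab-02  version=unknown
"""


def triage(inventory: Iterable[str]) -> dict[str, str]:
    """Map each 'host version=X' line to 'affected', 'not affected' or 'unknown'.

    Unparseable versions are reported as 'unknown' rather than silently skipped,
    so a host with a broken inventory record still shows up for manual follow-up.
    """
    results: dict[str, str] = {}
    for line in inventory:
        line = line.strip()
        if not line:
            continue
        host, _, rest = line.partition(" ")
        ver = rest.strip().removeprefix("version=")
        try:
            results[host] = "affected" if is_affected(ver) else "not affected"
        except ValueError:
            results[host] = "unknown"
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY.splitlines()).items():
        print(f"{host:<12} {status}")
```

Hosts reported as "unknown" deserve the same follow-up as "affected" ones: a missing or malformed version string usually means the inventory source is stale, not that the instance is safe.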

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-16183
CVE-2025-68613

Affected Products

N8N