PT-2025-52530 · N8N · N8N

Fatihhcelik · Published 2025-12-19 · Updated 2026-05-26

CVE-2025-68613 · CVSS v3.1 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
n8n versions 0.211.0 through 1.120.3
n8n version 1.121.0
n8n version 1.122.0 (affected versions not specified; note that the Recommendations below list 1.122.0 as a fixed release, so this entry appears inconsistent with the fix line)
Description
n8n contains a Remote Code Execution (RCE) flaw in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration are evaluated in an execution context that is not sufficiently isolated from the underlying Node.js runtime. An authenticated attacker who can create or edit a workflow can therefore execute arbitrary code with the privileges of the n8n process, which can lead to full instance compromise, unauthorized access to stored credentials and other sensitive data, modification of existing workflows, and execution of system-level operations.

At the time of writing there are over 24,700 publicly accessible unpatched instances worldwide, primarily in North America and Europe. Real-world exploitation has been observed, involving the Zerobot botnet hijacking automated workflows for malicious command execution.
Recommendations
Update to versions 1.120.4, 1.121.1, or 1.122.0.
Limit workflow creation and editing permissions to fully trusted users only.
Deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation.

Tags: Exploit · Fix · LPE · RCE


Weakness Enumeration

Related Identifiers

BDU:2025-16183
CVE-2025-68613
GHSA-V98V-FF95-F3CP

Affected Products

N8N