PT-2025-52530 · N8N · N8N

Fatihhcelik · Published 2025-12-19 · Updated 2026-01-13 · CVE-2025-68613

CVSS v3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

n8n versions 0.211.0 through 1.120.3
n8n versions prior to 1.120.4
n8n versions prior to 1.121.1
n8n versions prior to 1.122.0

Description

n8n, an open source workflow automation platform, is affected by a critical Remote Code Execution (RCE) vulnerability (CVE-2025-68613) with a CVSS score of 9.9. This flaw stems from insufficient isolation in the expression evaluation system, allowing authenticated users to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to full system compromise, including unauthorized data access, workflow modification, and system-level operations. Over 100,000 instances are estimated to be exposed.

The vulnerability occurs when expressions supplied by authenticated users during workflow configuration are evaluated without proper isolation from the underlying runtime. The expression evaluation system allows user input to be injected into the runtime without adequate security measures. An attacker can leverage this to execute system commands. The vulnerability affects versions from 0.211.0 up to, but not including, 1.120.4, 1.121.1, and 1.122.0.

Recommendations

Upgrade to n8n version 1.120.4 or later.
Upgrade to n8n version 1.121.1 or later.
Upgrade to n8n version 1.122.0 or later.
If upgrading is not immediately possible, limit workflow creation and editing permissions to fully trusted users only.
Deploy n8n in a hardened environment with restricted operating system privileges and network access.
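
To apply the version guidance above across a fleet, the following added example (not code from n8n or from this advisory) classifies reported n8n versions against the listed ranges. It assumes that 1.120.4 and 1.121.1 are fixes for their own release lines and that 1.122.0 covers everything newer; the host names and the inventory are constructed.

```javascript
// Added example: triage an inventory of n8n versions against this advisory.
// Assumption: 1.120.4 and 1.121.1 are patch releases for their own release
// lines, and 1.122.0 is the first fixed version for everything newer.
const FIRST_AFFECTED = [0, 211, 0];
const FIXED = [[1, 120, 4], [1, 121, 1], [1, 122, 0]];

// Accept only plain x.y.z (optional leading "v"); tags such as "latest" or
// pre-release builds return null so they get checked by hand.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function classify(text) {
  const v = parseVersion(text);
  if (!v) return "unknown";
  if (compare(v, FIRST_AFFECTED) < 0) return "below-affected-range";
  // Prefer the fix for the same major.minor line, else the newest fix.
  const fix = FIXED.find((f) => f[0] === v[0] && f[1] === v[1]) || FIXED[FIXED.length - 1];
  return compare(v, fix) >= 0 ? "fixed" : "affected";
}

// Return the hosts that still need the upgrade or need a manual check.
function triage(inventory) {
  return inventory
    .map(({ host, version }) => ({ host, version, status: classify(version) }))
    .filter((row) => row.status === "affected" || row.status === "unknown");
}

// Constructed sample inventory (hypothetical hosts, not from the advisory).
const sampleInventory = [
  { host: "n8n-a.example.internal", version: "1.120.3" },
  { host: "n8n-b.example.internal", version: "1.120.4" },
  { host: "n8n-c.example.internal", version: "v1.121.0" },
  { host: "n8n-d.example.internal", version: "1.122.0" },
  { host: "n8n-e.example.internal", version: "latest" },
];

console.log(triage(sampleInventory));
```

Versions reported as "unknown" (image tags, pre-release builds) are returned alongside affected ones so they are resolved manually rather than silently passed.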

Exploit

Fix

RCE

LPE

Weakness Enumeration

Related Identifiers

BDU:2025-16183
CVE-2025-68613

Affected Products

N8N