PT-2025-52530 · N8N · N8N

Fatihhcelik · Published 2025-12-19 · Updated 2026-04-06 · CVE-2025-68613

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

n8n versions 0.211.0 through 1.120.3

Description

n8n, an open-source workflow automation platform, is affected by a critical Remote Code Execution (RCE) vulnerability (CVE-2025-68613) with a CVSS score of 9.9. The flaw is an expression injection vulnerability in the platform’s workflow evaluation system. Authenticated users can exploit it to execute arbitrary code on the underlying server, potentially achieving full system compromise, accessing sensitive data, and manipulating workflows. The vulnerability allows attackers to bypass sandbox isolation and execute code with the privileges of the n8n process. Over 100,000 instances are reported to be exposed. Active exploitation of this vulnerability has been confirmed, and CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog.

Recommendations

Upgrade n8n to version 1.120.4 or later (including 1.121.1 and 1.122.0) immediately. If upgrading is not immediately possible, restrict access to workflow creation and editing to fully trusted users only.

Exploit

Fix

LPE

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-16183
CVE-2025-68613
GHSA-V98V-FF95-F3CP

Affected Products

N8N