A newly disclosed critical security vulnerability in n8n, the rapidly growing open‑source workflow automation platform, has put thousands of self‑hosted servers at immediate risk of full remote compromise. The flaw—tracked as CVE‑2025‑68613—carries a maximum CVSS severity score of 10, making it one of the most serious threats the automation ecosystem has faced this year.
The timing of this discovery could not be worse. n8n’s user base has expanded dramatically throughout 2025, following its €55 million Series B funding round and widespread adoption across enterprises. Today, the platform serves more than 3,000 enterprise customers and boasts over 200,000 active users, with major hosting providers like Hostinger, Kamatera, and ScalaHosting offering dedicated n8n VPS plans.
With so many instances deployed in the wild—especially self‑hosted ones—the newly exposed flaw creates a massive attack surface for cybercriminals.
The problem?
Any authenticated user who can create or edit workflows can craft an expression that escapes the evaluation context n8n intended as a sandbox. The result is arbitrary code execution with the privileges of the n8n process, which on many self-hosted installs means full control of the host.
Independent analyses describe the same mechanism: under specific conditions the expression engine evaluates user-supplied logic in a context that is not sufficiently isolated from the underlying Node.js runtime, so an attacker can run system-level commands that inherit whatever privileges the n8n process has. Because editing workflows is an ordinary user action rather than an administrative one, the authentication requirement is a low bar.
Immediate Response From n8n
To its credit, n8n acted swiftly. Within hours of disclosure, the project released patched versions:
- 1.122.0
- 1.121.1
- 1.120.4
These updates tighten the isolation of the expression evaluation context. The fix list covers only the 1.120, 1.121 and 1.122 release lines, so instances on older releases have to move to at least 1.120.4 rather than wait for a backport.
Security advisories strongly recommend upgrading immediately. Until that happens, exposure can be reduced by limiting which accounts may create or edit workflows (the flaw requires that ability) and by running the n8n process as an unprivileged user in an isolated environment, so that a successful escape does not reach the host. These are stopgaps: they narrow who can trigger the flaw and what a trigger can reach, but they do not remove it.
A Growing Pattern of High‑Severity n8n Vulnerabilities
CVE‑2025‑68613 is not an isolated case. Over the past year, n8n has faced multiple serious security flaws, including:
- CVE‑2025‑65964 — Git hooks RCE via configuration manipulation
- CVE‑2025‑62726 — RCE in Git Node operations
- CVE‑2025‑58177 — Stored XSS in public chat triggers