A critical security vulnerability has been discovered in the n8n workflow automation platform. If exploited, this flaw could allow arbitrary code execution on affected systems.

The vulnerability is tracked as CVE-2025-68613 and has a CVSS score of 9.9, indicating a very high severity. It was reported by security researcher Fatih Çelik. n8n is widely used, with around 57,000 weekly downloads.

The issue occurs when expressions provided by authenticated users during workflow configuration are evaluated in an execution environment that is not fully isolated. This behavior can be abused to run malicious code.

A successful attack allows an attacker to execute code with the privileges of the n8n process. This may lead to full system compromise, including unauthorized access to sensitive data, workflow manipulation, and execution of system-level commands.

The vulnerability affects all n8n versions from 0.211.0 up to but not including 1.120.4. The issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0.

According to Censys data as of December 22, 2025, there are more than 103,000 potentially exposed n8n instances worldwide. Most of them are located in the United States, Germany, France, Brazil, and Singapore.

Users are strongly advised to update immediately. If patching is not possible, limit workflow creation and editing permissions to trusted users only. Running n8n in a hardened environment with restricted OS privileges and network access can also help reduce risk.

Source: https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html