vulnerability | International | Security Affairs

Critical n8n flaw could enable arbitrary code execution

Tuesday, December 23, 2025


What

The n8n workflow automation platform contains a critical remote code execution (RCE) vulnerability, tracked as CVE-2025-68613, caused by insufficient isolation of user-supplied expressions evaluated during workflow configuration. An authenticated user can craft such an expression to execute arbitrary code with the privileges of the n8n process, which in turn exposes any sensitive data that process can reach and allows existing workflows to be modified. The flaw is fixed in recent releases, and operators are strongly urged to upgrade.
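The following snippet is an added illustration of the class of flaw described above; it is not n8n's code, and the page does not describe n8n's actual expression engine or the exploit vector. It contrasts a template evaluator that hands the user's expression straight to the JavaScript runtime (so the expression runs with the host process's full privileges) with an allowlist evaluator that only resolves dotted field paths rooted at `$json` and refuses everything else before any evaluation happens. The function names, the `$json` convention used here, and the sample workflow item are assumptions made for the example.

```javascript
// Added illustration, not n8n's code. Shows why an expression evaluator must
// not hand user-controlled text to the JavaScript runtime.

// Constructed sample workflow item that expressions are evaluated against.
const SAMPLE_ITEM = { json: { customer: { id: 42, email: 'a@example.com' } } };

// UNSAFE: builds a function body from the expression. Whatever the user types
// executes inside the evaluating process, with that process's privileges, so
// globals such as `process` (and from there the whole runtime) are reachable.
function evalUnsafe(expr, item) {
  return new Function('$json', `return (${expr});`)(item.json);
}

// HARDENED: the only syntax accepted is a dotted path of plain identifiers
// rooted at `$json`. Anything else is rejected before anything is executed.
const PATH_RE = /^\$json(\.[A-Za-z_][A-Za-z0-9_]*)*$/;

function evalAllowlisted(expr, item) {
  const trimmed = expr.trim();
  if (!PATH_RE.test(trimmed)) {
    throw new Error(`expression rejected: ${JSON.stringify(trimmed)}`);
  }
  const parts = trimmed.split('.').slice(1); // drop the "$json" root
  let value = item.json;
  for (const p of parts) {
    // Only own properties of plain objects are resolved, so prototype members
    // such as `constructor` cannot be reached through the path.
    if (value === null || typeof value !== 'object' ||
        !Object.prototype.hasOwnProperty.call(value, p)) {
      return undefined;
    }
    value = value[p];
  }
  return value;
}

// Runs one benign and one hostile expression through both evaluators and
// returns what each did. `process.pid` stands in for arbitrary code: it reads
// host process state, which a workflow expression should never be able to do.
function compare() {
  const benign = '$json.customer.id';
  const hostile = 'process.pid';
  let hostileUnsafe;
  try { hostileUnsafe = evalUnsafe(hostile, SAMPLE_ITEM); } catch (e) { hostileUnsafe = e.message; }
  let hostileAllowlisted;
  try { hostileAllowlisted = evalAllowlisted(hostile, SAMPLE_ITEM); } catch (e) { hostileAllowlisted = 'rejected'; }
  return {
    benignUnsafe: evalUnsafe(benign, SAMPLE_ITEM),         // 42
    benignAllowlisted: evalAllowlisted(benign, SAMPLE_ITEM), // 42
    hostileUnsafe,       // the evaluating process's PID: the runtime was handed over
    hostileAllowlisted,  // 'rejected': never evaluated
  };
}

console.log(compare());
```

The allowlist evaluator is deliberately narrow: a real template language needs more than dotted paths, but every feature added on top of it should be parsed and interpreted by the evaluator itself, never by passing text to `eval`, `new Function`, or a `vm` sandbox that is not a security boundary.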

Where

Vulnerable n8n instances have been observed worldwide, with the largest concentrations in the U.S., Germany, and France.

When

The vulnerability was reported on December 22, 2025, and fixes were released in n8n versions 1.120.4, 1.121.1, and 1.122.0. Each of those is the fixed release for its own minor line, so a version must be compared against the fix for its line rather than against the lowest fixed number: 1.121.0, for example, is newer than 1.120.4 but still unpatched.

Key Factors

  • CVE-2025-68613 has a CVSS score of 9.9, indicating critical severity.
  • The flaw allows authenticated users to execute arbitrary code due to insufficient isolation in the workflow expression evaluation system.
  • Over 103,000 potentially vulnerable instances have been identified, highlighting the widespread impact.

Takeaways

  • Organizations must prioritize patching vulnerable n8n deployments, since the flaw is already public and patched versions are available.
  • The incident underscores the importance of secure coding practices and of treating user-supplied expressions as untrusted input that must be parsed and constrained rather than evaluated directly.
  • Because exploitation requires an authenticated user, restricting who can create or edit workflows reduces exposure until the patch is applied, but it is a stopgap, not a fix.
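To act on the patching takeaway across a fleet, an operator needs a version check that understands the three fix lines above. The helper below is an added example, not from n8n or the article: it parses a version string (tolerating a leading `v` and treating pre-releases such as `1.122.0-rc.1` as older than the final release), decides whether that version is at or above the fix for its own minor line or above the newest fix line, and lists the hosts in a constructed inventory that still need an upgrade. The page does not state the lowest affected version, so this helper conservatively reports every version below the oldest fixed line as unpatched; the inventory, hostnames and function names are assumptions.

```javascript
// Added helper, not from n8n or the article. Checks n8n version strings against
// the fixed releases the advisory lists: 1.120.4, 1.121.1, 1.122.0.

const FIXED_VERSIONS = ['1.120.4', '1.121.1', '1.122.0'];

// Parses "1.121.1", "v1.122.0" or "1.122.0-rc.1" into [major, minor, patch, final]
// where `final` is 0 for a pre-release and 1 for a final release, so that a
// pre-release of a fixed number sorts below the fix itself.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3]), m[4] ? 0 : 1];
}

function cmp(a, b) {
  for (let i = 0; i < 4; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// A version is patched if it is at or above the newest fix line, or at or
// above the fix published for its own minor line. Anything else, including
// versions older than the oldest listed line (assumption: the advisory gives
// no lower bound, so treat them as unpatched), needs an upgrade.
function isPatched(version) {
  const v = parseVersion(version);
  const fixes = FIXED_VERSIONS.map(parseVersion).sort(cmp);
  const newest = fixes[fixes.length - 1];
  if (cmp(v, newest) >= 0) return true;
  const sameLine = fixes.find(f => f[0] === v[0] && f[1] === v[1]);
  return sameLine !== undefined && cmp(v, sameLine) >= 0;
}

// Constructed inventory; hostnames and versions are illustrative only.
const INVENTORY = [
  { host: 'n8n-prod-1', version: '1.120.3' },      // below its line's fix
  { host: 'n8n-prod-2', version: '1.121.1' },      // exactly the fix
  { host: 'n8n-dev',    version: 'v1.122.0-rc.1' }, // pre-release of the fix
  { host: 'n8n-legacy', version: '1.99.0' },       // older than all fix lines
  { host: 'n8n-new',    version: '1.123.0' },      // newer than all fix lines
];

// Returns the hostnames whose version is not patched.
function needsUpgrade(inventory) {
  return inventory.filter(i => !isPatched(i.version)).map(i => i.host);
}

console.log(needsUpgrade(INVENTORY)); // [ 'n8n-prod-1', 'n8n-dev', 'n8n-legacy' ]
```

Feed it whatever your inventory tooling reports for each instance (for example the output of `n8n --version` collected from each host); a string the parser cannot read, such as `latest`, raises rather than silently passing, which is the behaviour you want in a compliance check.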