A critical security vulnerability, tracked as CVE-2025-68668, has been disclosed in n8n, a popular open-source workflow automation platform. The flaw carries a CVSS v3.1 score of 9.9 (Critical) and allows authenticated users to execute arbitrary system commands on the underlying host operating system.
The vulnerability effectively breaks the trust boundary between workflow-level scripting and the host environment, enabling remote code execution (RCE) with the same privileges as the n8n service. Given n8n’s frequent deployment in production automation pipelines, CI/CD systems, and multi-tenant environments, the impact is severe.
Vulnerability Summary
| Attribute | Details |
|---|---|
| Product | n8n Workflow Automation Platform |
| Vulnerability Type | Sandbox Escape → Remote Command Execution |
| Severity | Critical |
| CVSS Score | 9.9 |
| Attack Vector | Authenticated |
| Privileges Required | Workflow creation or modification |
| User Interaction | None |
| Impact | Full system compromise |
Technical Root Cause Analysis
Unsafe Code Execution in Workflow Nodes
n8n allows users to embed custom logic in workflows using Code Nodes, including JavaScript and Python execution. Python execution is implemented via Pyodide, which is designed to sandbox Python code by running it in a WebAssembly (WASM) environment.
However, researchers discovered that:
- The sandbox did not adequately restrict access to host-level APIs
- Carefully crafted Python payloads could escape the Pyodide runtime
- Once escaped, attackers could execute arbitrary OS commands
This effectively turns a low-privilege workflow feature into a full host-level execution primitive.
Exploitation Path
An attacker with valid credentials and workflow access can:
- Create or edit a workflow
- Add a Python Code Node
- Inject malicious payloads that:
  - Escape the sandbox
  - Access Node.js internals or system calls
  - Execute arbitrary shell commands
Because workflows may execute automatically or on triggers, exploitation can occur without user interaction once the workflow is activated.
Why This Is Especially Dangerous
1. Authenticated ≠ Safe
Many organizations grant workflow creation rights to:
- Developers
- Analysts
- Automation engineers
- External contractors
This vulnerability allows any such user to escalate privileges to full system access.
2. Automation Platforms Are High-Trust Systems
n8n commonly runs with:
- Access to credentials and secrets
- Network reachability to internal services
- Elevated filesystem permissions
A compromise often leads to lateral movement, credential theft, and persistent backdoors.
3. Cloud & Multi-Tenant Risk
In hosted or shared environments, a single malicious user could:
- Compromise other tenants
- Steal sensitive automation data
- Pivot into connected SaaS platforms
Affected Versions
- All n8n versions from 1.0.0 up to (but not including) 2.0.0
- Both self-hosted and cloud deployments are impacted if Python execution is enabled
Mitigation & Remediation
Permanent Fix (Strongly Recommended)
Upgrade immediately to n8n 2.0.0 or later
The new major release includes:
- A redesigned Python execution architecture
- Task-runner based sandboxing
- Stronger isolation between workflows and the host OS
Temporary Mitigations (If Upgrade Is Not Possible)
Administrators should apply one or more of the following environment settings:

```bash
# Disable Python in Code Nodes
N8N_PYTHON_ENABLED=false

# Exclude Code Node entirely
NODES_EXCLUDE=code

# Enable hardened task runner
N8N_RUNNERS_ENABLED=true
N8N_NATIVE_PYTHON_RUNNER=true
```
These measures reduce exposure but do not fully replace upgrading.
Detection & Defensive Monitoring
Security teams should:
- Audit all workflows containing Code Nodes
- Review workflow authorship and permissions
- Monitor for:
  - Unexpected child processes
  - Outbound connections from the n8n host
  - File system changes outside expected paths
Indicators of compromise may include:
- Reverse shells
- Cron job creation
- Modified workflow definitions
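To support the audit step above, here is an added example (not from this advisory or the n8n project) that scans exported workflow JSON for Code Nodes and ranks active workflows that use Python as the first items to review. The node type string `n8n-nodes-base.code`, the `language` parameter (assumed to default to `javaScript` when absent) and the embedded sample export are assumptions about n8n's export format, not values taken from the page.

```python
import json

# Constructed sample of an exported n8n workflow list (not a real export).
# The node "type" and "parameters.language" values are assumed from the
# n8n Code node schema; adjust them if your export differs.
SAMPLE_WORKFLOWS = json.dumps([
    {
        "name": "Nightly report",
        "active": True,
        "nodes": [
            {"name": "Schedule", "type": "n8n-nodes-base.scheduleTrigger",
             "parameters": {}},
            {"name": "Build report", "type": "n8n-nodes-base.code",
             "parameters": {"language": "python",
                            "pythonCode": "return [{'ok': 1}]"}},
        ],
    },
    {
        "name": "Slack notifier",
        "active": False,
        "nodes": [
            {"name": "Transform", "type": "n8n-nodes-base.code",
             "parameters": {"jsCode": "return items;"}},
        ],
    },
])

CODE_NODE_TYPE = "n8n-nodes-base.code"  # assumed type id of the Code Node


def find_code_nodes(workflows_json):
    """Return one finding per Code Node, highest priority first.

    Python nodes inside *active* workflows run on triggers without any
    user interaction, so they are flagged "high"; everything else is
    "review" so that authorship and permissions can still be checked."""
    findings = []
    for wf in json.loads(workflows_json):
        for node in wf.get("nodes", []):
            if node.get("type") != CODE_NODE_TYPE:
                continue
            params = node.get("parameters", {})
            language = params.get("language", "javaScript")  # assumed default
            active = bool(wf.get("active"))
            findings.append({
                "workflow": wf.get("name"),
                "node": node.get("name"),
                "language": language,
                "active": active,
                "priority": "high" if language == "python" and active else "review",
            })
    # Sort so that "high" findings are listed before "review" ones.
    findings.sort(key=lambda f: f["priority"] != "high")
    return findings


if __name__ == "__main__":
    for finding in find_code_nodes(SAMPLE_WORKFLOWS):
        print(finding)
```

Point the script at the JSON produced by `n8n export:workflow --all` (or the REST API) to run it against a real instance.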
Conclusion
The n8n CVSS 9.9 vulnerability represents one of the most severe automation-platform flaws disclosed in recent years. Any organization running vulnerable versions should consider this an urgent, high-priority incident.
Immediate patching is essential.
Failure to act exposes organizations to full system compromise via low-privilege authenticated users—a risk that is unacceptable in modern production environments.
