In this room, we will examine CVE-2025-68613, a critical vulnerability in n8n that was published on December 19, 2025, with a CVSS score of 9.9.
n8n is an open-source workflow automation platform designed to visually connect applications and services for task automation. Users build workflows composed of nodes, with each node representing an action such as making an HTTP request, processing data, or sending an email. n8n is frequently used to automate repetitive operational tasks and to integrate security tools and platforms. Below is a simple example workflow that allows us to schedule an HTTP GET request to the NVD, format the output using JavaScript, and then send the report via email and to a Slack channel.

The n8n platform is commonly deployed in three primary configurations:
- Self-hosted instances: Organizations deploy n8n on-premises or in private cloud environments for full control and data sovereignty
- Cloud-hosted (n8n.cloud): Managed service offering with shared infrastructure
- Internal automation tools: Deployed within corporate networks to automate business processes between internal and external systems
Versions 0.211.0 through 1.120.3 contain a critical Remote Code Execution (RCE) vulnerability within the workflow expression evaluation system. If exploited, this flaw enables an authenticated attacker to execute system-level commands, potentially leading to data breaches, service disruptions, or full system compromise, all with the privileges assigned to the n8n process.
In this room, we will discuss the technical aspects of this vulnerability, demonstrate exploitation via web browser, and explore detection strategies.
This vulnerability has been addressed in versions 1.120.4, 1.121.1, and 1.122.0. To ensure system security, it is essential to update to one of these patched versions.
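The affected and patched versions stated above can be turned into a quick inventory check. This is an added example, not part of the original room or n8n's own code; the host names and version strings are constructed, and treating releases on branches after 1.122 as patched is an assumption.

```python
import re

# Ranges as stated in the room text above.
AFFECTED_MIN = (0, 211, 0)
AFFECTED_MAX = (1, 120, 3)
# First fixed patch number on each minor branch named in the text.
FIXED_ON_BRANCH = {(1, 120): 4, (1, 121): 1, (1, 122): 0}

def parse_version(text):
    """Parse 'X.Y.Z' (optional leading 'v') into a tuple of ints."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if m is None:
        raise ValueError(f"not a release version: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(version_text):
    """Return the patch status of one n8n version string."""
    try:
        v = parse_version(version_text)
    except ValueError:
        return "unknown"          # e.g. an unpinned 'latest' image tag
    if v < AFFECTED_MIN:
        return "not-affected"     # older than the stated affected range
    if v <= AFFECTED_MAX:
        return "vulnerable"
    # Above the stated range: patched only at or past the fix on its branch.
    # Assumption: branches after 1.122 carry the fix from their first release.
    fixed_patch = FIXED_ON_BRANCH.get(v[:2], 0)
    return "patched" if v[2] >= fixed_patch else "upgrade"

def triage(inventory):
    """Map each host in {host: version} to its status."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed inventory (hypothetical hosts and versions).
INVENTORY = {
    "automation-01": "1.119.2",
    "automation-02": "v1.120.4",
    "soc-workflows": "1.121.0",
    "lab-n8n": "latest",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:15} {INVENTORY[host]:10} {status}")
```

A result of `upgrade` marks a release such as 1.121.0 that sits above the stated affected range but below the fix named for its branch, so it should be moved to a patched version as well.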
Let’s dive into the technical details.