n8n Remote Code Execution (CVE-2025-68613)

Overview

n8n Remote Code Execution, tracked as CVE-2025-68613, affects n8n workflow automation deployments where expression evaluation is not sufficiently isolated from the underlying Node.js runtime. n8n is used to connect applications, APIs, credentials, and data workflows, so code execution in the n8n process can expose sensitive automation infrastructure.

Vulnerability Overview

CVE-2025-68613 is a remote code execution vulnerability in n8n's workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration can be evaluated in an execution context that is not sufficiently isolated from the server runtime.

The vulnerability requires authenticated access with the ability to configure or edit workflows. That still creates a serious risk in shared automation platforms because workflow editors may have less trust than server administrators, while the n8n process can hold high-value credentials and integrations.

Impact

The vulnerability is rated Critical with a CVSS 3.1 score of 9.9. Successful exploitation can allow arbitrary code execution with the privileges of the n8n process, unauthorized access to sensitive data, workflow modification, and system-level operations available to the application.

CVE-2025-68613 is listed in the CISA Known Exploited Vulnerabilities catalog, indicating known exploitation and a need for rapid remediation.

Vulnerability Scope

The affected range starts at n8n 0.211.0 and includes versions before 1.120.4, along with version 1.121.0. Fixed versions include 1.120.4, 1.121.1, and 1.122.0.

If upgrading is not immediately possible, the vendor advisory recommends limiting workflow creation and editing permissions to fully trusted users and running n8n in a hardened environment with restricted operating system privileges and network access.
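For inventory triage, the version boundaries above can be turned into a small classifier. This is an added example, not code from n8n or from the lab; the hostnames and inventory are constructed, and the function names are hypothetical.

```javascript
// Added example: classify n8n versions against the affected range stated above.
// Boundaries come from the page; hostnames and inventory are constructed.
const FIRST_AFFECTED = [0, 211, 0];
const FIXED_FROM = [1, 120, 4];       // versions before this are affected
const EXTRA_AFFECTED = [[1, 121, 0]]; // affected despite being above FIXED_FROM

// Parse "1.120.3" or "v1.120.3" strictly; anything else returns null.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric, component-wise comparison (string comparison would rank 1.99 > 1.120).
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function classify(text) {
  const v = parseVersion(text);
  if (v === null) return "unknown"; // pre-release tags, "latest", etc.: check by hand
  if (EXTRA_AFFECTED.some((e) => compare(v, e) === 0)) return "affected";
  if (compare(v, FIRST_AFFECTED) >= 0 && compare(v, FIXED_FROM) < 0) return "affected";
  return "outside-affected-range";
}

// Return the hosts that need upgrading or manual review.
function triage(inventory) {
  return inventory
    .map(({ host, version }) => ({ host, version, status: classify(version) }))
    .filter((r) => r.status !== "outside-affected-range");
}

// Constructed inventory for illustration.
const sampleInventory = [
  { host: "automation-01", version: "1.99.1" },
  { host: "automation-02", version: "1.120.4" },
  { host: "automation-03", version: "v1.121.0" },
  { host: "automation-04", version: "1.121.1" },
  { host: "automation-05", version: "latest" },
  { host: "automation-06", version: "0.210.2" },
];

for (const r of triage(sampleInventory)) {
  console.log(`${r.host}\t${r.version}\t${r.status}`);
}
```

Version strings that do not parse as a plain three-part number are reported as "unknown" rather than guessed, so image tags such as "latest" are resolved by hand.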

Lab Focus

This Hackviser lab focuses on understanding how expression evaluation in workflow automation platforms can become a server-side code execution risk. You will practice identifying affected n8n versions, recognizing the authenticated workflow-editor threat model, and mapping runtime isolation issues to secure automation platform operations.
