Critical n8n RCE Vulnerability (CVE-2025-68613): Over 100,000 Instances at Risk
A critical security vulnerability has been discovered in the popular workflow automation platform n8n, potentially allowing attackers to take full control of affected servers.
The flaw, tracked as CVE-2025-68613, carries an alarming CVSS score of 9.9, placing it among the most severe vulnerabilities reported this year.
What Is CVE-2025-68613?
CVE-2025-68613 is an Authenticated Remote Code Execution (RCE) vulnerability in n8n.
Due to improper handling of user-supplied expressions, authenticated users can execute arbitrary JavaScript code at the server level.
This means even low-privileged users can escalate their access and run system commands on the underlying server.
Why This Vulnerability Is Dangerous
If exploited, this vulnerability allows an attacker to:
- Execute arbitrary system commands
- Fully compromise the n8n instance
- Access stored credentials, API keys, and workflows
- Steal, modify, or delete sensitive data
- Perform lateral movement within the server or cloud environment
In short, a successful exploit can result in complete server takeover.
Scale of the Impact
Security researchers have identified more than 103,000 publicly exposed n8n instances worldwide.
A significant portion of these instances are running vulnerable versions, making them attractive targets for mass exploitation.
Given n8n’s widespread use in automation, DevOps, and integration pipelines, the real-world impact could be substantial.
Affected and Patched Versions
❌ Vulnerable Versions
n8n v0.211.0 through v1.120.3
✅ Patched / Secure Versions
- v1.120.4
- v1.121.1
- v1.122.0 and later
Users running vulnerable versions are strongly advised to upgrade immediately.
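To turn the version ranges above into a repeatable fleet check, here is an added example (not code from the advisory or from the n8n project) that classifies n8n version strings against those ranges; the hostnames and versions in the sample inventory are constructed, and anything the advisory does not place explicitly (for example 1.121.0) is reported as "unknown" rather than assumed safe.

```python
# Added example: classify n8n version strings against the ranges the advisory
# gives for CVE-2025-68613. Not part of the advisory or of n8n itself.
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

VULN_FIRST: Version = (0, 211, 0)   # first affected release listed in the advisory
VULN_LAST: Version = (1, 120, 3)    # last affected release listed in the advisory
PATCHED_EXACT = {(1, 120, 4), (1, 121, 1)}  # backport fixes listed in the advisory
PATCHED_FROM: Version = (1, 122, 0)         # "v1.122.0 and later"


def parse_version(text: str) -> Version:
    """Extract (major, minor, patch) from 'v1.120.3', '1.120.3' or 'n8n@1.120.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(text: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one n8n version string.

    'unknown' covers releases the advisory does not name on either side, such as
    1.121.0 or anything older than 0.211.0; those need a manual check against
    the vendor advisory instead of being treated as safe.
    """
    v = parse_version(text)
    if v in PATCHED_EXACT or v >= PATCHED_FROM:
        return "patched"
    if VULN_FIRST <= v <= VULN_LAST:
        return "vulnerable"
    return "unknown"


def audit(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group a {host: version_string} inventory by classification."""
    report: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "automation-01.example.internal": "n8n@1.118.2",
    "automation-02.example.internal": "v1.120.4",
    "automation-03.example.internal": "1.121.0",
    "automation-04.example.internal": "1.122.5",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Feed it whatever version source you trust for each host (package manifest, container image tag, or the version shown in the n8n UI) and treat every "vulnerable" or "unknown" host as an upgrade candidate.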
Recommended Mitigation Steps
To reduce risk and secure your n8n environment:
- Update n8n immediately to a patched version
- Restrict workflow creation and editing permissions
- Apply the principle of least privilege for all users
- Secure exposed instances using firewalls and network rules
- Monitor logs for suspicious activity
Delaying these actions significantly increases the risk of compromise.
Final Thoughts
This is not a rumor or speculative report.
CVE-2025-68613 is a confirmed, high-impact vulnerability with real-world exploitation potential.
If you rely on n8n for business automation or integrations, taking immediate action is critical to protect your infrastructure and data.