
CVE-2025-68613: CWE-913: Improper Control of Dynamically-Managed Code Resources in n8n-io n8n

Severity: Critical
Published: Fri Dec 19 2025 (12/19/2025, 22:23:47 UTC)
Source: CVE Database V5
Vendor/Project: n8n-io
Product: n8n

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

AI-Powered Analysis

Last updated: 12/19/2025, 22:55:34 UTC

Technical Analysis

The vulnerability identified as CVE-2025-68613 affects n8n, an open-source workflow automation platform widely used to integrate and automate tasks across services. The issue is categorized under CWE-913 (Improper Control of Dynamically-Managed Code Resources). It lies in the workflow expression evaluation system: expressions supplied by authenticated users during workflow configuration are evaluated in a context that is not sufficiently isolated from the underlying Node.js runtime, so an attacker with legitimate workflow configuration access can execute arbitrary code with the privileges of the n8n process. Because an n8n instance typically holds credentials for every service its workflows integrate, and frequently runs as a single service account with broad host access, exploitation can lead to complete compromise of the instance and its host: unauthorized access to sensitive data and stored credentials, creation or modification of malicious workflows, and execution of system-level commands. The vulnerability affects all versions from 0.211.0 up to but not including 1.120.4, plus 1.121.0; it is fixed in 1.120.4, 1.121.1 and 1.122.0, which add safeguards restricting what expressions may evaluate. The metrics given for this issue (network attack vector, low attack complexity, low privileges required, no user interaction, changed scope, and high confidentiality, integrity and availability impact) correspond to the CVSS v3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, which scores 9.9 (Critical), not 10.0: a 10.0 would require no privileges at all, whereas this issue needs an authenticated account that can edit workflows. No exploits in the wild had been reported at publication, but the low complexity and the value of the target make this a high-priority issue. Temporary mitigations are to limit workflow creation and editing to fully trusted users and to run n8n in a hardened environment with restricted OS privileges and network segmentation until the patch can be applied.

Potential Impact

For European organizations, the impact of this vulnerability is significant. n8n is used by enterprises and service providers to automate workflows that often involve sensitive business data and critical operational processes. Successful exploitation could lead to full system compromise, exposing confidential data, disrupting business operations, and enabling attackers to pivot within networks. This could result in data breaches, intellectual property theft, and operational downtime. The ability to modify workflows also allows attackers to embed persistent malicious automation, increasing the risk of long-term compromise. Given the criticality and the potential for widespread impact, organizations relying on n8n for automation must treat this vulnerability as a top priority. The risk is heightened in sectors with stringent data protection requirements such as finance, healthcare, and government, where unauthorized access could lead to regulatory penalties under GDPR and other frameworks.

Mitigation Recommendations

1. Upgrade immediately to n8n 1.120.4, 1.121.1 or 1.122.0 (or later), the releases that carry the official fix.
2. Until the upgrade lands, restrict workflow creation and editing to fully trusted, vetted users: the vulnerability is exploitable by any account that can save an expression into a workflow, so the set of such accounts is the attack surface.
3. Run n8n with least privilege: a dedicated non-root service account with minimal OS permissions and no access to files or secrets beyond what its workflows need.
4. Segment the network and apply firewall rules so a compromised n8n process cannot reach internal systems it has no reason to talk to; this limits lateral movement rather than preventing exploitation.
5. Monitor workflow changes and audit logs for suspicious activity, in particular new or edited expressions that reference runtime internals rather than workflow data.
6. Run n8n in a container or sandbox to add an isolation layer around the process; treat this as containment, since the expression evaluator itself remains vulnerable.
7. Regularly review the access controls and credentials stored in n8n; stored credentials are what an attacker gains on compromise, so rotate them after any suspected exploitation.
8. Educate administrators and developers on secure workflow design and the risks of dynamic expression evaluation.

As the advisory states, items 2 through 8 reduce impact but do not eliminate the risk; only upgrading removes it.


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2025-12-19T14:58:47.823Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6945d4648954746f284878c5

Added to database: 12/19/2025, 10:40:36 PM

Last enriched: 12/19/2025, 10:55:34 PM

Last updated: 12/20/2025, 12:55:36 AM

