
CVE-2025-68668: CWE-693: Protection Mechanism Failure in n8n-io n8n

Severity: Critical
Tags: vulnerability, cve-2025-68668, cwe-693
Published: Fri Dec 26 2025 (12/26/2025, 21:49:20 UTC)
Source: CVE Database V5
Vendor/Project: n8n-io
Product: n8n

Description

CVE-2025-68668 is a critical sandbox bypass vulnerability in the n8n workflow automation platform, affecting versions from 1.0.0 up to but not including 2.0.0. It lies in the Python Code Node, which uses Pyodide, and allows an authenticated user with workflow modification permissions to execute arbitrary commands on the host system with the same privileges as the n8n process. The vulnerability does not require user interaction but does require authentication with specific permissions. It has a CVSS score of 9.9, reflecting its critical impact on confidentiality, integrity, and availability. The issue is patched in n8n version 2.0.0.

AI-Powered Analysis

Last updated: 12/26/2025, 22:09:31 UTC

Technical Analysis

CVE-2025-68668 is a critical vulnerability in the n8n open source workflow automation platform, affecting versions from 1.0.0 up to but not including 2.0.0. The flaw is a sandbox bypass in the Python Code Node, which uses Pyodide to execute Python code inside workflows. The sandbox is meant to confine that code and keep it away from the host; because of a protection mechanism failure (CWE-693), an authenticated user with permission to create or modify workflows can escape it and execute arbitrary commands on the host operating system with the privileges of the n8n process, which can amount to full system compromise depending on how n8n is run. No user interaction is required, but authentication with workflow modification rights is, so compromised accounts and insider threats are the most likely paths to exploitation.

The vulnerability carries a CVSS v3.1 score of 9.9: network attack vector, low attack complexity, privileges required, no user interaction, a scope change, high confidentiality and integrity impact, and a lesser availability impact. It is patched in n8n version 2.0.0. Until the upgrade is applied, the available mitigations are: disable the Code Node entirely by adding "n8n-nodes-base.code" to the NODES_EXCLUDE environment variable; disable Python support in the Code Node with N8N_PYTHON_ENABLED=false (available since version 1.104.0); or switch to the task runner-based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables. Each of these removes or re-isolates Python code execution and so reduces or eliminates the attack surface. No exploitation in the wild has been reported yet, but the severity and ease of exploitation make this a high-priority issue for any organization running an affected version.

Potential Impact

For European organizations, the impact of CVE-2025-68668 can be severe. Since n8n is used for automating workflows, including business-critical processes, exploitation could lead to unauthorized command execution on servers hosting n8n, potentially resulting in data breaches, system manipulation, or lateral movement within networks. Confidentiality is at high risk as attackers can access sensitive data processed or stored by n8n workflows. Integrity is compromised because attackers can alter workflows or data outputs, disrupting business operations or injecting malicious actions. Availability impact is moderate but still significant, as attackers could disrupt automation services, causing operational downtime. Organizations in sectors such as finance, healthcare, manufacturing, and critical infrastructure that rely on automated workflows are particularly vulnerable. The requirement for authenticated access means that compromised credentials or insider threats could trigger exploitation. Given the critical CVSS score and the ability to execute arbitrary commands, the threat could facilitate ransomware deployment, espionage, or sabotage. European entities using vulnerable n8n versions without mitigations are at high risk of severe operational and reputational damage.

Mitigation Recommendations

European organizations should immediately upgrade n8n installations to version 2.0.0 or later, where the vulnerability is patched. If immediate upgrading is not feasible, implement the following mitigations:

1) Disable the Code Node (and with it its Python mode) by setting the environment variable NODES_EXCLUDE to exclude "n8n-nodes-base.code", preventing use of the vulnerable node.
2) Disable Python support in the Code Node by setting N8N_PYTHON_ENABLED=false (available since n8n version 1.104.0) to block Python code execution.
3) Configure n8n to use the task runner-based Python sandbox by enabling the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables, which provide a more secure sandbox environment.
4) Restrict workflow creation and modification permissions to trusted administrators only, minimizing the risk of exploitation by unauthorized users.
5) Monitor logs for suspicious workflow changes or unusual command executions.
6) Employ network segmentation and host-based intrusion detection to detect and contain lateral movement if exploitation occurs.
7) Enforce strong authentication and credential management to reduce the risk of compromised accounts.

These targeted mitigations reduce attack surface and exposure until patching is completed.
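The environment-variable mitigations named in the technical analysis and in items 1 to 3 above are easy to apply but just as easy to get subtly wrong (the variable set on a version that does not honour it, the native runner flag set without enabling task runners). The following added example, which is not n8n's own code or part of this advisory, is a small exposure checker: it parses an n8n environment file, takes the deployed version, and reports whether the deployment falls in the affected range and which of the three mitigations are actually in effect. It assumes NODES_EXCLUDE holds a JSON array of node type names (n8n's documented format, with a bare comma-separated list tolerated), that boolean settings are the strings "true"/"false", and that the version string is semver; the two sample environment files are constructed for the example.

```python
"""Exposure check for CVE-2025-68668 (n8n Python Code Node sandbox bypass).

Added example, not n8n's own code. Assumptions: NODES_EXCLUDE is a JSON
array of node type names (comma-separated list tolerated), boolean
settings are "true"/"false" strings, version strings are semver.
"""
import json
import re

AFFECTED_MIN = (1, 0, 0)          # first affected version per the advisory
FIXED_VERSION = (2, 0, 0)         # first patched version
PYTHON_FLAG_SINCE = (1, 104, 0)   # N8N_PYTHON_ENABLED exists from this version
CODE_NODE = "n8n-nodes-base.code"

# Constructed sample environment files (not taken from any real deployment).
VULNERABLE_ENV = """\
# self-hosted n8n with defaults: Code Node and Python mode both enabled
N8N_HOST=n8n.example.internal
N8N_PORT=5678
GENERIC_TIMEZONE=Europe/Berlin
"""

MITIGATED_ENV = """\
# same host with advisory mitigations 1-3 applied
N8N_HOST=n8n.example.internal
N8N_PORT=5678
NODES_EXCLUDE='["n8n-nodes-base.code"]'
N8N_PYTHON_ENABLED=false
N8N_RUNNERS_ENABLED=true
N8N_NATIVE_PYTHON_RUNNER=true
"""


def parse_version(text):
    """'v1.104.2' -> (1, 104, 2); any pre-release/build suffix is ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    return tuple(int(p) for p in m.groups())


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def excluded_nodes(env):
    """Node types disabled via NODES_EXCLUDE."""
    raw = env.get("NODES_EXCLUDE", "").strip()
    if not raw:
        return set()
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        return {n.strip() for n in raw.split(",") if n.strip()}
    return {str(n) for n in parsed} if isinstance(parsed, list) else set()


def is_affected(version):
    """True when 1.0.0 <= version < 2.0.0 (the advisory's affected range)."""
    return AFFECTED_MIN <= version < FIXED_VERSION


def _is_true(env, key):
    return env.get(key, "").strip().lower() == "true"


def assess(version_text, env_text):
    """Summarise affected status, active mitigations and ineffective settings."""
    version = parse_version(version_text)
    env = parse_env(env_text)
    mitigations, warnings = [], []

    if CODE_NODE in excluded_nodes(env):
        mitigations.append("code_node_excluded")           # mitigation 1
    if env.get("N8N_PYTHON_ENABLED", "").strip().lower() == "false":
        if version >= PYTHON_FLAG_SINCE:
            mitigations.append("python_disabled")           # mitigation 2
        else:
            warnings.append("N8N_PYTHON_ENABLED is ignored before 1.104.0")
    if _is_true(env, "N8N_RUNNERS_ENABLED") and _is_true(env, "N8N_NATIVE_PYTHON_RUNNER"):
        mitigations.append("native_python_runner")          # mitigation 3
    elif _is_true(env, "N8N_NATIVE_PYTHON_RUNNER"):
        warnings.append("N8N_NATIVE_PYTHON_RUNNER set without N8N_RUNNERS_ENABLED")

    affected = is_affected(version)
    return {
        "version": ".".join(map(str, version)),
        "affected": affected,
        "mitigations": mitigations,
        "warnings": warnings,
        "exposed": affected and not mitigations,
    }


if __name__ == "__main__":
    for label, ver, env in [("defaults", "1.99.0", VULNERABLE_ENV),
                            ("mitigated", "1.104.0", MITIGATED_ENV),
                            ("patched", "2.0.0", VULNERABLE_ENV)]:
        print(label, assess(ver, env))
```

Run it against the real environment file and `n8n --version` output of each instance; a result with `exposed` true, or any entry in `warnings`, is an instance that still needs the upgrade to 2.0.0 or a corrected mitigation. The version check matters in practice: N8N_PYTHON_ENABLED=false on a release older than 1.104.0 is a silent no-op, which is exactly the kind of false sense of safety a compliance sweep should surface.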


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-12-22T23:37:00.930Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 694f040e33784cecd498bd23

Added to database: 12/26/2025, 9:54:22 PM

Last enriched: 12/26/2025, 10:09:31 PM

Last updated: 12/27/2025, 1:11:28 AM

