What Happened

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability in the n8n workflow automation platform to its Known Exploited Vulnerabilities (KEV) catalog, warning that attackers are actively exploiting the flaw in the wild. The vulnerability, tracked as CVE-2025-68613, carries a CVSS severity score of 9.9 out of 10—making it one of the most critical vulnerabilities disclosed this year.

n8n is a popular open-source workflow automation platform used by thousands of organizations to connect different services and automate business processes. Security researchers have identified over 24,700 unpatched n8n instances exposed online, with more than 12,300 in North America and 7,800+ in Europe, creating a massive attack surface for threat actors, according to The Hacker News.

Under CISA's Binding Operational Directive 22-01, federal agencies must patch this vulnerability by March 25, 2026. Private sector organizations should treat this timeline as a benchmark for their own remediation efforts.

Technical Details

The vulnerability exists in n8n's workflow expression evaluation system. n8n workflows use expressions wrapped in {{ }} syntax for dynamic data processing—similar to template engines in other platforms. These expressions are supposed to run in a sandboxed JavaScript environment, isolated from the underlying system.

However, according to Orca Security's research, vulnerable versions fail to properly isolate this sandbox. Authenticated attackers with workflow editing permissions can inject malicious expressions that escape the sandbox and access Node.js internals, including the require() function, core modules, and global objects.

REsecurity researchers explain the attack flow:

  • An authenticated user (any role with workflow editing access—no admin privileges required) creates or modifies a workflow
  • The attacker injects a crafted expression containing malicious JavaScript code
  • During workflow validation or execution, the expression escapes the sandbox
  • The attacker gains the ability to execute arbitrary operating system commands with the privileges of the n8n process

This type of "expression injection" attack is particularly dangerous because it requires only standard user credentials, not administrative access. Public proof-of-concept exploits have been circulating, lowering the barrier for attackers.

Impact Assessment

The consequences of successful exploitation are severe and multifaceted:

Full Server Compromise: Attackers can execute arbitrary commands on the host system, potentially gaining complete control over the server.

Data and Credential Theft: n8n workflows often handle sensitive data including API keys, database credentials, and authentication tokens. Attackers can exfiltrate these secrets, as noted by IONIX security researchers.

Lateral Movement: With access to n8n's 400+ integrations, attackers can pivot to connected systems—databases, cloud services, SaaS applications, and internal APIs—significantly expanding the breach scope.

Workflow Manipulation: Attackers can modify existing workflows to inject malicious logic, creating persistent backdoors or data exfiltration channels.

The vulnerability affects n8n versions starting from 0.211.0 through versions prior to the patched releases. Organizations running self-hosted n8n instances with default configurations are at highest risk, particularly those exposing the web interface to the internet.

What You Should Do

1. Patch Immediately: Upgrade to one of the fixed versions: n8n 1.120.4, 1.121.1, or 1.122.0 or later. These releases implement enhanced expression sandboxing and input validation. If you're using n8n Cloud, your instance should already be patched—verify with your n8n dashboard.

2. Audit Access Controls: Review who has workflow editing permissions in your n8n instance. The vulnerability requires authentication, so limiting the number of users with editing rights reduces your attack surface.

3. Check for Indicators of Compromise: Examine n8n logs for unusual workflow modifications, unexpected expressions, or suspicious API calls. Look for workflows containing expressions that reference require, process, or filesystem operations.

4. Harden Your Deployment: If possible, run n8n in a containerized environment with limited host access. Restrict network egress to only necessary endpoints. Consider placing n8n behind a VPN rather than exposing it directly to the internet.

5. Rotate Credentials: If you suspect compromise, rotate all API keys, database credentials, and secrets stored in n8n workflows or environment variables.

Lessons Learned

This vulnerability highlights several important security considerations for modern automation platforms:

Sandbox Escapes Are Common: Expression evaluation and template engines are frequent sources of vulnerabilities. The tension between functionality (allowing powerful expressions) and security (restricting dangerous operations) often leads to imperfect sandboxing.

Automation Tools Are High-Value Targets: Platforms like n8n, Zapier, and similar workflow tools sit at the intersection of multiple services and hold credentials for numerous systems. Compromising one automation platform can provide attackers with keys to the kingdom.

Authentication Isn't Enough: This vulnerability requires authentication but not elevated privileges. Defense-in-depth matters—assume that any authenticated user could become an attacker, and design your systems accordingly.

Internet Exposure Amplifies Risk: With over 24,000 exposed instances, the attack surface is enormous. Not every internal tool needs to be internet-accessible. Network segmentation and VPN access significantly reduce exposure to opportunistic attacks.

Resources