The n8n workflow automation platform was hit by CVE-2025-68613, a critical 9.9/10.0 CVSS vulnerability disclosed December 19-22, 2025. The flaw allows authenticated attackers to execute arbitrary code via expression injection, bypassing Node.js sandboxing to gain full server access. Over 103,476 instances globally face risk, affecting all n8n versions from 0.211.0 through pre-patch releases. Developers using this popular open-source Zapier alternative for DevOps automation, API orchestration, and workflow management must update immediately to versions 1.120.4, 1.121.1, or 1.122.0.
Sandbox Escape Via Expression Injection
CVE-2025-68613 exploits insufficient sandboxing in n8n’s workflow expression evaluation. Authenticated users can inject malicious code into expression fields that escape isolation and access Node.js internals. Malicious expressions gain access to the global this object, then the process object, enabling system command execution via child_process.execSync().
Full instance compromise follows. Attackers steal credentials for integrated services, access databases, install backdoors, and pivot to other systems. Orca Security confirmed exploitation leads to unauthorized data access and system-level operations. SecureLayer7 published proof-of-concept code. No public attacks yet, but weaponization is imminent.
The “authenticated only” requirement provides limited protection. Organizations grant workflow editing broadly. Insider threats, compromised accounts, and multi-tenant deployments face extreme exposure.
103,000 Vulnerable Instances Globally
Censys identified 103,476 potentially vulnerable n8n instances as of December 22, 2025. The scope spans two years of releases, affecting all versions from 0.211.0 (early 2023) through pre-patch 2025 releases. Internet-facing deployments and multi-tenant hosting environments face the highest risk.
n8n serves DevOps teams, backend developers, and startups as a cost-effective Zapier alternative. Enterprises self-host for data control, using 400+ integrations. The platform’s developer-friendly custom code feature is also its vulnerability vector.
The incident highlights broader low-code/no-code security challenges. Gartner predicts 70% of applications will use low-code by 2025, but security maturity lags. OWASP identifies data exposure and vendor dependency as top risks. CVE-2025-68613 exemplifies both.
Fast Patches Released, But Manual Updates Required
n8n released patches within days: versions 1.120.4, 1.121.1, and 1.122.0. No workarounds exist. Expression hardening requires code-level fixes.
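To make the version check concrete, here is an added example (my own, not code from the article or from the n8n project) that classifies an installed n8n version against the affected and fixed versions the article lists. It assumes the affected range starts at 0.211.0, that each fixed release closes its own minor line (1.120.x from 1.120.4, 1.121.x from 1.121.1), and that 1.122.0 and everything after it is fixed.

```javascript
// Added example, not from the article or the n8n project: decide whether an
// n8n version string falls in the range the article gives for CVE-2025-68613.
// Assumption: affected from 0.211.0 up to, but excluding, the fixed releases
// 1.120.4 / 1.121.1 / 1.122.0, with every later release considered fixed.

const FIRST_AFFECTED = [0, 211, 0];
// Fixed releases named in the advisory, ordered ascending, one per minor line.
const FIXED = [[1, 120, 4], [1, 121, 1], [1, 122, 0]];

// Accept "1.120.3", "v1.120.3" or "1.120.3-rc.1"; ignore anything after the patch.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable n8n version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic compare of [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerable(versionString) {
  const v = parseVersion(versionString);
  if (compare(v, FIRST_AFFECTED) < 0) return false; // predates the affected code
  // A version on a patched minor line is fixed once it reaches that line's fix.
  for (const fixed of FIXED) {
    if (v[0] === fixed[0] && v[1] === fixed[1]) return compare(v, fixed) < 0;
  }
  // Any other line is vulnerable until the highest fixed release is reached.
  return compare(v, FIXED[FIXED.length - 1]) < 0;
}

// Stand-alone run over a constructed list of version strings.
for (const v of ['1.119.9', '1.120.3', '1.120.4', '1.121.0', '1.121.1', '1.122.0', '1.123.0']) {
  console.log(v, isVulnerable(v) ? 'VULNERABLE - update' : 'fixed');
}
```

Feed it whatever version string your deployment reports (the container image tag or the version shown in the n8n UI); anything it flags should be moved to one of the three fixed releases, since the article notes no workaround exists.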
If patching is blocked, restrict workflow editing to trusted users, deploy with minimal OS privileges, isolate network access, and monitor system commands. Review workflows for suspicious expressions and audit logs for unauthorized changes.
Self-hosted platforms shift patching responsibility to users. Zapier auto-patches, but n8n requires manual updates. This is the open-source tradeoff: control versus discipline. How many of the 103,476 instances will patch promptly?
Rethinking Workflow Platform Security
CVE-2025-68613 breaks security assumptions. “Authenticated only” doesn’t mean safe. “Sandbox” doesn’t guarantee isolation. “Expression evaluation” carries code execution risk.
Workflow platforms aggregate credentials, connect to databases, expose business logic, and operate with broad permissions. Single compromise enables lateral movement across entire stacks.
The pattern repeats. CVE-2025-53372 showed a similar sandbox escape in December 2025. Historical vulnerabilities in vm2 and safe-eval prove JavaScript sandboxing remains unsolved. Container isolation is more reliable.
Treat workflow platforms like databases and auth services. Use secrets management (Vault, AWS Secrets Manager), not hardcoded keys. Implement network segmentation, least privilege, and monitoring. Include in incident response plans.
What to Do Right Now
Update immediately to 1.120.4, 1.121.1, or 1.122.0. Review workflow permissions and revoke unnecessary access. Audit workflows for suspicious expressions. Check access logs for unauthorized changes.
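The workflow audit recommended here, and in the mitigations for blocked patching above, can be partly automated. The following is an added example, not the article's or the n8n project's code: it walks an exported workflow JSON and flags expressions that reference the Node.js objects the article names (this, process, child_process, execSync) plus a few related tokens. It assumes the usual n8n export shape (a nodes array whose parameters hold expression strings beginning with "=" that wrap JavaScript in {{ }}, and a jsCode or functionCode parameter for code nodes); the sample workflow and the indicator list are constructed, and the "suspicious" expression is a deliberately non-functional placeholder that only mentions the tokens.

```javascript
// Added example, not from the article or the n8n project: triage exported n8n
// workflow JSON for expressions that reference Node.js internals.
// Assumed export shape: { nodes: [ { name, type, parameters: {...} } ] } where
// expression parameters are strings starting with "=" that wrap JS in {{ }}.

// Constructed indicator list: tokens the article associates with the escape
// (this, process, child_process, execSync) plus common related primitives.
const INDICATORS = [
  { re: /\bchild_process\b/, severity: 'high', note: 'references the OS command module' },
  { re: /\b(exec|execSync|spawn|spawnSync|execFile)\b/, severity: 'high', note: 'command execution call' },
  { re: /\bprocess\b/, severity: 'high', note: 'reaches the Node process object' },
  { re: /\brequire\b/, severity: 'high', note: 'loads arbitrary modules' },
  { re: /\bconstructor\b/, severity: 'medium', note: 'constructor chain, a common sandbox escape primitive' },
  { re: /\b(globalThis|Function|eval)\b/, severity: 'medium', note: 'dynamic code or global scope access' },
  { re: /\bthis\b/, severity: 'low', note: 'global this is the entry point the advisory describes' },
];

// Parameters whose whole value is JavaScript rather than an "=" expression
// (assumed names for n8n's Code node and the older Function node).
const CODE_PARAMS = new Set(['jsCode', 'functionCode']);

// Yield every string inside a parameter tree together with its key path.
function* walkStrings(value, path = []) {
  if (typeof value === 'string') {
    yield { path, text: value };
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkStrings(value[i], [...path, i]);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* walkStrings(v, [...path, k]);
  }
}

// Return the JavaScript fragments a parameter value would actually evaluate.
function extractCode({ path, text }) {
  if (CODE_PARAMS.has(path[path.length - 1])) return [text];
  if (!text.startsWith('=')) return []; // plain literal, never evaluated
  return [...text.matchAll(/\{\{([\s\S]*?)\}\}/g)].map((m) => m[1]);
}

// One finding per (fragment, indicator) hit, with enough context to triage.
function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    for (const entry of walkStrings(node.parameters || {})) {
      for (const code of extractCode(entry)) {
        for (const ind of INDICATORS) {
          if (!ind.re.test(code)) continue;
          findings.push({
            node: node.name,
            type: node.type,
            parameter: entry.path.join('.'),
            severity: ind.severity,
            note: ind.note,
            snippet: code.trim().slice(0, 80),
          });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: one benign expression, one deliberately non-functional
// placeholder that merely mentions the dangerous tokens, one benign Code node.
const SAMPLE_WORKFLOW = {
  name: 'sample',
  nodes: [
    { name: 'Benign', type: 'n8n-nodes-base.set',
      parameters: { values: { string: [{ name: 'email', value: '={{ $json.email.toLowerCase() }}' }] } } },
    { name: 'Suspicious', type: 'n8n-nodes-base.set',
      parameters: { values: { string: [{ name: 'x', value: "={{ PLACEHOLDER_ESCAPE(this, process, 'child_process') }}" }] } } },
    { name: 'Code', type: 'n8n-nodes-base.code',
      parameters: { jsCode: 'return $input.all();' } },
  ],
};

for (const f of auditWorkflow(SAMPLE_WORKFLOW)) {
  console.log(`[${f.severity}] ${f.node} (${f.type}) ${f.parameter}: ${f.note} -> ${f.snippet}`);
}
```

Run it over JSON.parse of each exported workflow (or the workflow rows from the n8n database). A hit on "process" or "this" is not proof of compromise, since field names like $json.process will also match, so review each finding by hand and pair the result with the access-log review for who last edited the flagged workflow.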
Implement secrets management (move keys out of workflows), isolate n8n from databases, set up monitoring, and reduce permissions to least privilege. Use OAuth tokens, not static keys. Rotate credentials regularly. Don’t expose workflow platforms to public internet.
Elevate n8n to critical infrastructure tier. Establish patching cadence. Include in disaster recovery plans.
The broader lesson: as 70% of applications adopt low-code by 2025, security assumptions need updating. “Sandboxed” execution doesn’t guarantee isolation. Workflow platforms handling credentials across dozens of services represent concentrated risk. Self-hosted open-source requires active management, not passive trust.
Patch now. The 103,476 vulnerable instances won’t secure themselves.