Critical remote code execution flaw reported in n8n workflow automation platform
Take action: If you're running self-hosted n8n, plan a quick upgrade to version 1.120.4, 1.121.1, or 1.122.0 to patch CVE-2025-68613. Until you upgrade, restrict workflow editing permissions to fully trusted users only.
Learn More
n8n, an open-source workflow automation platform, is reporting a critical security vulnerability that exposes self-hosted instances to remote takeover.
The flaw is tracked as CVE-2025-68613 (CVSS score 10.0), it allows authenticated attackers to execute arbitrary code with full system privileges. A compromised self-hosted instance could expose sensitive internal workflows, API credentials for connected services, and provide attackers with a foothold into corporate networks. The platform's recent integration with AI features has made it even more critical to organizational operations. Approximately 75% of customers are now using n8n to connect language models, vector databases, and proprietary systems.
The vulnerability affects n8n versions 0.211.0 through versions prior to 1.120.4, 1.121.1, and 1.122.0
Patched versions that resolve this vulnerability are 1.120.4, 1.121.1, and 1.122.0.
Organizations are strongly advised to upgrade immediately to one of these patched versions. For administrators unable to upgrade immediately, temporary mitigations include restricting workflow creation and editing permissions exclusively to fully trusted users.
Update - as of 22nd of December 2025, a public PoC and scanner are published. Now attackers have a template for fast exploitation.
