Per the attack surface management platform Censys, there are 103,476 potentially vulnerable instances as of December 22, 2025. With proof-of-concept exploits already published and widespread internet exposure, this vulnerability represents an immediate and critical risk to organizations using n8n for workflow automation.

The bottom line: If you're running n8n, you need to patch right now. This isn't a drill.

What is n8n?

n8n (short for "nodemation", pronounced "n-eight-n") is an open-source workflow automation platform that's become increasingly popular for connecting applications, APIs, and services. Think of it as a self-hosted alternative to tools like Zapier or Make.com.

Organizations use n8n to:

  • Automate business processes and data flows
  • Orchestrate integrations between cloud services
  • Connect internal APIs and databases
  • Process webhooks and trigger automated actions
  • Build custom automation workflows without code

Here's what makes n8n particularly attractive, and dangerous when compromised:

High Privilege Access: n8n workflows typically have access to API keys, OAuth tokens, database credentials, and service secrets. It's a treasure trove of sensitive credentials.

Central Orchestration Layer: n8n often sits at the heart of an organization's infrastructure, connecting disparate systems. Compromising n8n means compromising everything it touches.

Self-Hosted Nature: Unlike SaaS alternatives, many organizations self-host n8n, which means they're responsible for security patching and configuration.

The Vulnerability: A Technical Deep Dive

How n8n Workflows Work

n8n workflows are built from "nodes", visual building blocks that represent actions like API calls, data transformations, or conditional logic. These workflows support expressions: JavaScript-like code snippets that dynamically process data during execution.

For example, a workflow might use an expression like:

{{ $json.customer.email }}

to extract a customer's email from incoming data. Expressions are meant to run in a sandbox: isolated from the server's operating system and from the Node.js runtime that hosts n8n itself.

Where Things Went Catastrophically Wrong

The vulnerability stems from insufficient sandbox isolation in n8n's expression evaluation: a user-supplied expression can escape its intended execution context. In vulnerable versions the sandbox did not stop an expression from reaching the underlying Node.js runtime, so whatever the expression does runs with the full privileges of the n8n process.

Here's the attack chain:

Step 1: Gain Authenticated Access

Unlike some RCE vulnerabilities that work without authentication, CVE-2025-68613 requires valid credentials. However, this is a lower barrier than it seems:

  • Many n8n instances have open registration
  • Credentials can be phished or stolen
  • Internal users with workflow creation rights can abuse this
  • Compromised accounts immediately become RCE vectors

Step 2: Craft a Malicious Expression

An attacker creates a workflow containing a specially crafted JavaScript expression designed to escape the sandbox. The expression exploits the insufficient isolation to access the underlying Node.js process.

In its simplest form, such an expression reaches for the process object: a global Node.js object that exposes the operating system, the environment variables, and the ability to spawn child processes.

Step 3: Execute Arbitrary Code

Once an expression can reach the process object, it can load child_process and run a system command. A proof-of-concept typically runs something harmless such as whoami on the server and returns the output; an attacker could just as easily:

  • Download and execute malicious payloads
  • Establish reverse shells for persistent access
  • Exfiltrate sensitive data and credentials
  • Modify or delete workflows
  • Deploy ransomware or cryptominers

Step 4: Full System Compromise

With code execution as the n8n process, attackers gain access to:

  • All stored credentials: Every API key, OAuth token, database password, and service secret held in n8n's credential store. They are encrypted at rest, but the key is available to the running process
  • Environment variables: Including N8N_ENCRYPTION_KEY, which protects those stored credentials, plus any database passwords and internal access tokens passed in through the environment
  • Workflow execution data: Historical payloads processed by the automation platform
  • Connected systems: The ability to pivot laterally through every system n8n connects to

Real-World Attack Scenarios

Scenario 1: Supply Chain Compromise

Target: A SaaS company using n8n to automate customer onboarding

An attacker compromises a low-privilege account, exploits CVE-2025-68613, and gains access to the company's customer database credentials, payment processing API keys, and internal admin tokens. They silently modify workflows to exfiltrate customer data during the normal onboarding process, operating undetected for months.

Scenario 2: Ransomware via Automation

Target: A healthcare organization using n8n for patient data processing

Attackers gain access through phished credentials, exploit the RCE vulnerability, and deploy ransomware that encrypts not just the n8n server but also connected databases and file systems. Because n8n has privileged access across systems, the ransomware spreads quickly through automated connections.

Scenario 3: Cryptomining at Scale

Target: A fintech startup with n8n exposed to the internet

Internet scanners identify the vulnerable n8n instance. Automated exploit scripts compromise the server within hours of CVE disclosure, deploying cryptomining malware that runs quietly in the background, degrading performance and generating cryptocurrency for attackers.

Scenario 4: Insider Threat Amplification

Target: Any organization with internal n8n users

A disgruntled employee with legitimate workflow creation permissions exploits CVE-2025-68613 to establish backdoor access, steal intellectual property, and sabotage business processes, all while appearing to be a normal user creating workflows.

The Scale of the Problem

According to Censys data from December 22, 2025, there are 103,476 potentially vulnerable n8n instances, with the majority located in the United States, Germany, France, Brazil, and Singapore.

This represents:

  • Thousands of organizations at immediate risk
  • Millions of connected systems accessible through compromised n8n instances
  • Potentially billions of records of sensitive data exposed

Security researcher Fatih Çelik has been credited with discovering and reporting the flaw, which was disclosed on December 19, 2025.

Affected Versions and Patches

Vulnerable Versions

The vulnerability affects n8n from 0.211.0 up to and including 1.120.3, plus 1.121.0. It is fixed in 1.120.4, 1.121.1, and 1.122.0.

If you're running any version in these ranges, you are vulnerable:

  • 0.211.0 to 1.120.3 (primary affected range)
  • 1.121.0 (specific affected version)

Patched Versions

Upgrade immediately to one of these versions:

  • 1.120.4 (for 1.120.x branch)
  • 1.121.1 (for 1.121.x branch)
  • 1.122.0 or newer (latest stable)
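A small checker for the ranges above, written for this page rather than taken from n8n or its advisory: it parses a version string, tests it against the affected ranges stated above (0.211.0 up to but not including 1.120.4, and 1.121.0), and reports which hosts in an inventory still need the upgrade. The host names and versions in the inventory are made up for the example.

```javascript
// Added example (not n8n's code): flag n8n versions that fall inside the
// CVE-2025-68613 affected ranges given in the advisory text above.

// Affected ranges, half-open: from <= version < before.
const AFFECTED_RANGES = [
  { from: "0.211.0", before: "1.120.4" }, // fixed in 1.120.4
  { from: "1.121.0", before: "1.121.1" }, // fixed in 1.121.1
];

// Parse "1.120.3", "v1.120.3" or "1.120.3-rc.1" into [major, minor, patch].
// Pre-release and build suffixes are ignored, which means a "1.120.4-rc.1"
// build is reported as fixed; only trust release builds for that decision.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unparseable n8n version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic compare of two parsed versions: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version sits inside any affected range.
function isAffected(version) {
  const v = parseVersion(version);
  return AFFECTED_RANGES.some(({ from, before }) =>
    compareVersions(v, parseVersion(from)) >= 0 &&
    compareVersions(v, parseVersion(before)) < 0);
}

// Given { hostname: versionString }, return the hosts that still need patching.
function hostsNeedingPatch(inventory) {
  return Object.entries(inventory)
    .filter(([, version]) => isAffected(version))
    .map(([host]) => host);
}

// Constructed inventory, of the kind you might assemble from `n8n --version`
// output or container image tags across a fleet.
const sampleInventory = {
  "automation-prod-1": "1.120.3", // affected: below 1.120.4
  "automation-prod-2": "1.121.0", // affected: the one bad 1.121.x release
  "automation-prod-3": "1.122.1", // fixed
  "legacy-batch": "0.236.0",      // affected: 0.211.0 and later
  "museum-piece": "0.210.0",      // before the affected range starts
};

console.log("hosts to patch:", hostsNeedingPatch(sampleInventory));
```

Feed it the version string from n8n --version or from the image tag of each deployment; anything it reports needs the upgrade before the rest of this page's remediation steps matter.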

These versions include enhanced sandbox isolation that prevents expressions from escaping their intended execution context.

How the Exploit Works: A Practical Example

Let's walk through how an exploitation attempt proceeds, to understand how attackers abuse this vulnerability:

1. Create a Test Workflow

An attacker with valid credentials creates a seemingly innocent workflow whose only unusual feature is a single crafted expression in one node's parameters.

2. Trigger the Expression

When the workflow runs, manually or through a trigger the attacker controls, the malicious expression is evaluated. In vulnerable versions:

  • The expression escapes the sandbox
  • Accesses the Node.js process object
  • Returns all environment variables, which often contain sensitive credentials and the n8n encryption key

3. Escalate to Remote Code Execution

Once the attacker confirms the sandbox escape works, they escalate to full RCE by spawning a child process from the same expression. A typical proof-of-concept reads the system's user database (/etc/passwd on Linux), simply to show that commands run on the server. From here, attackers can execute any command, download payloads, or establish persistent backdoors.

Detection and Response

Indicators of Compromise (IOCs)

If you suspect exploitation, look for these warning signs:

Workflow-Level Indicators:

  • Workflows containing suspicious JavaScript expressions
  • References to process, require, child_process, or mainModule in expressions
  • Workflows created or modified by unexpected users
  • Workflows that execute at unusual times
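The workflow-level indicators above, and the "review workflow history" step under Priority 2 below, both come down to reading every expression in every workflow. Here is a scanner written for this page (it is not n8n's own tooling) that walks an exported workflow and flags expressions that reach for the Node.js runtime rather than workflow data. It assumes the export shape { nodes: [ { name, type, parameters } ] }, that expression-valued parameters are strings beginning with "=", and that a Code node keeps its script in a jsCode parameter; the sample export itself is constructed.

```javascript
// Added example (not n8n's own tooling): scan an exported n8n workflow for
// expressions that reach for the Node.js runtime instead of workflow data.
// Assumed export shape: { nodes: [ { name, type, parameters } ] }, with
// expression-valued parameters stored as strings starting with "=" and the
// Code node's script in a "jsCode" parameter.

// Patterns worth a look. "process" is only flagged when it is not a property
// of something else, so a data field such as $json.process does not fire.
const SUSPICIOUS_PATTERNS = [
  { id: "process-global",    re: /(^|[^.\w$])process\b/ },
  { id: "require",           re: /\brequire\s*\(/ },
  { id: "child_process",     re: /child_process/ },
  { id: "mainModule",        re: /mainModule/ },
  { id: "constructor-chain", re: /constructor\s*\.\s*constructor/ },
  { id: "exec-spawn",        re: /\b(execSync|execFileSync|exec|spawnSync|spawn)\s*\(/ },
  { id: "function-ctor",     re: /\bFunction\s*\(/ },
];

// Recursively walk a parameter tree and yield every expression or script
// string together with its path inside the node's parameters.
function* expressionStrings(value, path = []) {
  if (typeof value === "string") {
    const isExpression = value.startsWith("=") || value.includes("{{");
    const isScript = path[path.length - 1] === "jsCode";
    if (isExpression || isScript) yield { path: path.join("."), text: value };
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) {
      yield* expressionStrings(value[i], [...path, String(i)]);
    }
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      yield* expressionStrings(child, [...path, key]);
    }
  }
}

// Return one finding per expression that matches at least one pattern.
function scanWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? []) {
    for (const { path, text } of expressionStrings(node.parameters ?? {})) {
      const hits = SUSPICIOUS_PATTERNS.filter(({ re }) => re.test(text)).map(({ id }) => id);
      if (hits.length > 0) {
        findings.push({ node: node.name, type: node.type, path, hits, snippet: text.slice(0, 80) });
      }
    }
  }
  return findings;
}

// Constructed sample export: two benign nodes and two that should be flagged.
const sampleExport = {
  name: "customer-onboarding",
  nodes: [
    { name: "Webhook", type: "n8n-nodes-base.webhook",
      parameters: { path: "onboard", httpMethod: "POST" } },
    { name: "Set fields", type: "n8n-nodes-base.set",
      parameters: { values: { string: [
        { name: "email", value: "={{ $json.customer.email }}" },
        { name: "processId", value: "={{ $json.process.id }}" }, // benign field named "process"
      ] } } },
    { name: "Leak env", type: "n8n-nodes-base.set",
      parameters: { values: { string: [
        { name: "dump", value: "={{ process.env }}" },
      ] } } },
    { name: "Run command", type: "n8n-nodes-base.code",
      parameters: { jsCode: "const cp = require('child_process');\nreturn [{ json: { out: cp.execSync('id').toString() } }];" } },
  ],
};

for (const f of scanWorkflow(sampleExport)) {
  console.log(`${f.node} [${f.type}] parameters.${f.path}: ${f.hits.join(", ")}`);
}
```

Point it at the JSON written by n8n export:workflow --all --output=... and treat every hit as a review queue rather than a verdict: the pattern list mirrors the keyword list above, and a Code node that is legitimately allowed to require a built-in module will fire just as loudly as a malicious one.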

System-Level Indicators:

  • Unexpected processes spawned by the n8n service
  • Unusual outbound network connections from n8n servers
  • New user accounts or SSH keys added to the system
  • Modified n8n configuration files
  • Unexplained CPU or memory usage spikes

Log Analysis

Unfortunately, n8n's default logging doesn't provide sufficient detail to detect expression injection attacks through application logs alone. The best detection approach is:

  1. Deploy a Reverse Proxy or WAF

Place a web application firewall or reverse proxy in front of n8n that logs request bodies, not just request lines; ordinary access logs never contain the expression text. Monitor for:

  • POST requests to /rest/workflows (workflow creation) and PATCH requests to /rest/workflows/{id} (workflow updates)
  • Request bodies containing suspicious keywords: process, require, child_process, execSync, spawn

2. Monitor Process Execution

Use system monitoring tools (like Sysmon on Windows or auditd on Linux) to detect:

  • Child processes spawned by the n8n process
  • Commands like wget, curl, bash, sh, powershell executed by n8n
  • Network connections initiated by child processes

3. Implement File Integrity Monitoring

Monitor critical n8n files for unauthorized changes:

  • Workflow definition files
  • Configuration files
  • n8n application binaries

Example Sigma Detection Rule

For SIEM integration, here's a Sigma rule to detect potential exploitation:

title: Potential CVE-2025-68613 Exploitation in n8n
description: Detects suspicious expressions in n8n workflow create/update requests. Requires a proxy or WAF that logs request bodies.
status: experimental
logsource:
  category: webserver
detection:
  selection:
    cs-method:
      - 'POST'
      - 'PATCH'
    cs-uri-stem|startswith: '/rest/workflows'
  keywords:
    - 'this.process'
    - 'mainModule.require'
    - 'child_process'
    - 'execSync'
    - 'spawn('
  condition: selection and keywords
falsepositives:
  - Legitimate workflow expressions and Code nodes (tune based on your environment)
level: critical

Immediate Remediation Steps

Priority 1: Patch Immediately

Action: Upgrade to a patched version within 24–48 hours

  1. Test in staging first: Verify the upgrade doesn't break existing workflows
  2. Schedule maintenance window: Brief service interruption during upgrade
  3. Apply the patch: Upgrade to 1.120.4, 1.121.1, or 1.122.0+
  4. Verify the patch: Confirm version using n8n --version

Priority 2: Assess Exposure

Action: Determine if you've been compromised

  1. Review workflow definitions and history: Look for suspicious expressions or unexplained modifications. n8n keeps every workflow definition in its database (the workflow_entity table), and n8n export:workflow --all writes them out as JSON for offline review
  2. Audit user accounts: Check for unauthorized accounts or privilege escalation
  3. Analyze system logs: Search for unusual process creation or network activity
  4. Inspect configuration: Verify no backdoors have been added

Priority 3: Rotate All Credentials

Action: Assume compromise and rotate all sensitive credentials

Even if you find no evidence of exploitation, practice defense-in-depth:

  1. Rotate API keys and tokens stored in n8n workflows
  2. Change database passwords accessed by n8n
  3. Refresh OAuth tokens for connected services
  4. Update service account credentials used by workflows
  5. Reset user passwords for n8n accounts

Priority 4: Harden Configuration

Action: Reduce attack surface while patching

If immediate patching isn't possible:

  1. Remove public internet access: Place n8n behind VPN or restrict to internal networks only
  2. Implement strict access controls: Limit workflow creation/editing to essential users only
  3. Enable audit logging: Deploy a reverse proxy to capture all requests
  4. Apply least privilege: Run n8n with minimal operating system permissions
  5. Segment the network: Isolate n8n in a restricted network segment
  6. Keep secrets out of reach of expressions: Set N8N_BLOCK_ENV_ACCESS_IN_NODE=true so that $env is unavailable to expressions and Code nodes. This does not fix the sandbox escape, but it removes an easy source of secrets from any workflow

Long-Term Security Recommendations

1. Never Expose n8n Directly to the Internet

n8n should never be publicly accessible without additional security controls:

  • Deploy behind a VPN for remote access
  • Use a reverse proxy with authentication (e.g., OAuth2 Proxy)
  • Implement IP allowlisting for known sources
  • Consider using a Web Application Firewall (WAF)

2. Implement Role-Based Access Control (RBAC)

Limit who can create and modify workflows:

  • Grant workflow creation rights only to trusted users
  • Regularly audit user permissions
  • Use the principle of least privilege
  • Enable workflow approval processes for sensitive automations

3. Practice Credential Hygiene

Don't let n8n become a credential honeypot:

  • Use dedicated service accounts with minimal permissions
  • Implement credential rotation policies
  • Consider using secrets management tools (HashiCorp Vault, AWS Secrets Manager)
  • Never hardcode credentials in workflows

4. Enable Comprehensive Monitoring

Deploy defense-in-depth monitoring:

  • Application-level logging via reverse proxy
  • System-level process monitoring
  • Network traffic analysis
  • Security Information and Event Management (SIEM) integration

5. Conduct Regular Security Assessments

Make security testing routine:

  • Perform quarterly penetration testing
  • Run vulnerability scans on n8n infrastructure
  • Review workflow expressions for suspicious patterns
  • Audit access logs and user permissions

6. Implement Network Segmentation

Isolate n8n from critical systems:

  • Deploy in a DMZ or restricted network segment
  • Limit outbound connections to only required services
  • Use microsegmentation to contain potential breaches
  • Monitor east-west traffic between segments

7. Maintain an Incident Response Plan

Be prepared for compromise:

  • Document response procedures for automation platform breaches
  • Define escalation paths and stakeholder contacts
  • Practice incident response through tabletop exercises
  • Maintain clean backups for rapid recovery

The Bigger Picture: Automation Platforms as Attack Vectors

CVE-2025-68613 highlights a critical shift in the threat landscape: automation and workflow platforms are becoming prime targets.

Why Attackers Love Automation Platforms

  1. Centralized Privilege: One compromise provides access to dozens of connected systems
  2. Credential Repositories: Workflows store API keys, tokens, and passwords in one place
  3. Trusted Position: Automation platforms are designed to interact with internal systems without scrutiny
  4. Persistence: Malicious workflows can run indefinitely, providing long-term access
  5. Wide Deployment: Growing adoption means more targets

The AI and Low-Code Revolution Increases Risk

As organizations rush to adopt AI-powered automation and low-code platforms:

  • Security visibility lags behind innovation: New tools get deployed faster than security teams can assess them
  • Shadow IT proliferates: Departments spin up automation tools without security oversight
  • Attack surface expands: Each new automation platform is another potential entry point
  • Complexity increases: More integrations mean more opportunities for misconfiguration

Lessons from CVE-2025-68613

This vulnerability teaches us several critical lessons:

Sandboxing is Hard: Even mature projects like n8n can fail to properly isolate user-supplied code. Never assume a sandbox is secure without verification.

Authentication ≠ Authorization: Just because someone can log in doesn't mean they should be able to execute arbitrary code. Implement granular permissions.

Default Deny: Automation platforms should deny all capabilities by default and explicitly grant only what's needed. The reverse approach (allow everything, block specific things) is inherently insecure.

Assume Breach: Design systems assuming attackers will gain authenticated access. What's the blast radius if they do? How quickly can you detect and respond?
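To make the "Sandboxing is Hard" and "Default Deny" lessons concrete, and to illustrate the failure mode described under "Where Things Went Catastrophically Wrong", here is a toy template evaluator written for this page. It is not n8n's code and does not reproduce the CVE-2025-68613 escape; it puts the general mistake (evaluating an expression as JavaScript inside the real runtime) next to a default-deny resolver that treats the expression as a path into the data it was handed. The $json root, the sample item and the TOY_SECRET environment variable are all constructed for the example.

```javascript
// Added example: a toy template-expression evaluator, NOT n8n's code.
// It contrasts an eval-style evaluator, which leaks the Node.js runtime,
// with a default-deny resolver that only walks the data it is handed.

// Constructed sample payload, standing in for the "$json" of a workflow item.
const sampleItem = { customer: { email: "alice@example.com", tier: "gold" } };

// Pulls every {{ ... }} expression out of a template string.
const EXPR_RE = /\{\{\s*([\s\S]+?)\s*\}\}/g;

// Unsafe: evaluate the expression as JavaScript with $json in scope.
// new Function compiles in the global scope, so the expression can reach
// process (and through it the environment and child processes).
function renderUnsafe(template, json) {
  return template.replace(EXPR_RE, (_, expr) => {
    const fn = new Function("$json", `return (${expr});`);
    return String(fn(json));
  });
}

// Hardened: treat the expression as a dot-path, not as code. Only an
// allow-listed root ($json) can be resolved, every step must be a plain
// identifier, and every step must be an own property of the current value,
// so prototype walks such as constructor.constructor are refused too.
const ALLOWED_ROOTS = new Set(["$json"]);
const IDENT_RE = /^[A-Za-z_$][\w$]*$/;

function resolvePath(expr, scope) {
  const parts = expr.split(".");
  if (!ALLOWED_ROOTS.has(parts[0]) || !parts.every((p) => IDENT_RE.test(p))) {
    throw new Error(`expression rejected: ${expr}`);
  }
  let current = scope[parts[0]];
  for (const key of parts.slice(1)) {
    const isObject = current !== null && typeof current === "object";
    if (!isObject || !Object.prototype.hasOwnProperty.call(current, key)) {
      throw new Error(`expression rejected: ${expr}`);
    }
    current = current[key];
  }
  return current;
}

function renderSafe(template, json) {
  return template.replace(EXPR_RE, (_, expr) => String(resolvePath(expr, { $json: json })));
}

// True when rendering the template through `render` exposes a value that
// only exists in the process environment (a constructed secret, set for the
// duration of the check and removed afterwards).
function leaksEnvironment(render, template) {
  process.env.TOY_SECRET = "hunter2";
  try {
    return render(template, sampleItem).includes("hunter2");
  } catch {
    return false; // the resolver refused the expression outright
  } finally {
    delete process.env.TOY_SECRET;
  }
}

const benign = "Welcome {{ $json.customer.email }}";
const hostile = "{{ process.env.TOY_SECRET }}";

console.log(renderUnsafe(benign, sampleItem));        // both evaluators handle data
console.log(leaksEnvironment(renderUnsafe, hostile));  // true: runtime is reachable
console.log(renderSafe(benign, sampleItem));          // same result for benign input
console.log(leaksEnvironment(renderSafe, hostile));   // false: expression rejected
```

The design point is the direction of the check: renderUnsafe starts from "everything JavaScript can do" and would need a deny-list that keeps up with every escape trick, while renderSafe starts from "nothing" and grants a single root and plain property walks, so anything the grammar does not describe is refused before it is evaluated.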

Conclusion

CVE-2025-68613 is a wake-up call for organizations relying on workflow automation platforms. With a CVSS score of 9.9 and over 103,000 vulnerable instances exposed to the internet, this vulnerability represents one of the most critical security risks disclosed in late 2025.

The key takeaways:

✅ Patch immediately: Upgrade to n8n 1.120.4, 1.121.1, or 1.122.0+
✅ Assume compromise: Rotate all credentials stored in n8n
✅ Remove internet exposure: Never expose automation platforms directly to the public internet
✅ Implement defense-in-depth: Multiple layers of security, not just patching
✅ Monitor aggressively: Deploy detection for process execution and network anomalies

This isn't just about fixing one vulnerability. It's about fundamentally rethinking how we secure automation platforms in an era where they've become central to business operations and attractive targets for attackers.

Don't wait for the next critical CVE to take action. Review your n8n security posture today.

References:

  1. CVE-2025-68613 Details: NIST National Vulnerability Database
  2. n8n Security Advisory: n8n GitHub Security Advisory
  3. n8n Official Documentation: n8n Security Best Practices
  4. The Hacker News Coverage: Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution
  5. Orca Security Analysis: CVE-2025-68613: Critical n8n RCE & Server Compromise
  6. SOCRadar Vulnerability Intelligence: CVE-2025-68613: Critical RCE Vulnerability Disclosed in n8n
  7. Resecurity Research: CVE-2025-68613: Remote Code Execution via Expression Injection in n8n
  8. Indusface Analysis: CVE-2025-68613: Critical n8n RCE Vulnerability Enables Full Server Compromise
  9. eSecurity Planet: 103K n8n Automation Instances at Risk From RCE Flaw
  10. Censys Search: n8n Instance Discovery (Requires account)
  11. Shodan n8n Search: Find Exposed n8n Instances (Search for "n8n")

Stay vigilant. Patch aggressively. Secure your automation platforms.

About Me

Hi, I'm Dhanush Nehru, an Engineer and Content Creator. I document my journey through articles and videos, sharing real-world insights about DevOps, automation, security, cloud engineering and more.

You can support me / sponsor me or follow my work via X, Instagram, Github or Youtube.