CVE-2025-68613 — n8n Improper Control of Dynamically-Managed Code Resources Vulnerability


n8n — Expression Injection Sandbox Escape Enabling Unauthenticated RCE (MuddyWater Exploited)

What is n8n?

n8n is an open-source, self-hostable workflow automation platform (similar to Zapier or Make) widely used by developers and organizations to connect APIs, databases, and services through visual workflow pipelines. n8n supports expressions — dynamic code snippets evaluated at runtime — that allow workflows to transform data, make decisions, and call external services. Because n8n integrates with hundreds of external services and is often deployed with privileged credentials (API keys, database passwords, cloud credentials), a code execution vulnerability in its expression engine can expose the entire integration ecosystem to an attacker.

Overview

CVE-2025-68613 is a critical code injection vulnerability (CWE-913: Improper Control of Dynamically-Managed Code Resources) in n8n's workflow expression evaluation engine. User-supplied expressions are evaluated in a JavaScript sandbox, but the sandbox is insufficiently isolated from the Node.js runtime. A low-privileged attacker (workflow create/edit access) can escape the sandbox by accessing the global this object and obtaining a reference to process.mainModule.require('child_process'), enabling arbitrary OS command execution on the n8n server. CVSS 9.9 with Scope:Changed reflects that exploitation breaks out of the sandbox boundary into the underlying host. MuddyWater (Iranian APT) exploited this vulnerability in active campaigns.

Affected Versions

Product: n8n
Vulnerable: >= 0.211.0, < 1.120.4
Fixed: 1.120.4, 1.121.1, 1.122.0

Technical Details

The vulnerability (CWE-913) is in n8n's expression evaluation engine. n8n allows users to embed JavaScript-like expressions in workflow node configurations using a templating syntax. These expressions are evaluated at runtime in what is intended to be a sandboxed JavaScript context. However, the sandbox fails to restrict access to JavaScript's global scope:

An attacker can access the global this object within an expression, which — due to Node.js module system properties — exposes process.mainModule.require. By calling require('child_process'), the attacker obtains Node.js's child process module and can invoke exec() or execSync() to run arbitrary OS commands on the server hosting n8n. This is a classic sandbox escape via prototype chain access.

Exploitation requires only the ability to create or edit a workflow — a privilege granted to any registered n8n user, not just administrators. The CVSS Scope:Changed (S:C) flag reflects that the impact crosses from the n8n application boundary into the underlying OS.

Discovery

Discovered and reported by Fatih Çelik.

Exploitation Context

A spike in active exploitation was detected around Christmas 2025 — likely timed to reduced security monitoring during the holiday period. CISA added CVE-2025-68613 to the KEV catalog on 11 March 2026 with a 14-day FCEB remediation deadline. At the time of KEV listing, over 24,700 unpatched n8n instances remained publicly accessible on the internet. MuddyWater (Static Kitten, Mango Sandstorm, G0069 — Iranian state-sponsored APT) has been linked to exploitation campaigns targeting n8n instances for initial access. n8n's integration with cloud services and internal APIs makes post-exploitation particularly valuable: stored credentials within workflows can enable lateral movement across integrated systems.

Remediation

  1. Upgrade n8n to version 1.120.4 or later immediately. For cloud-hosted n8n (n8n.cloud), updates are automatic.
  2. If self-hosting, verify the current version: n8n --version or check the UI footer. Apply the update via npm: npm install -g n8n@latest.
  3. Restrict workflow creation/edit access — only grant this privilege to trusted users. Do not allow anonymous or public access to the n8n instance.
  4. Do not expose n8n directly to the internet without authentication — place it behind a reverse proxy with strong authentication (SSO, MFA). Limit access to trusted IP ranges.
  5. Audit existing workflows for expressions containing process, require, child_process, or shell command references that may indicate prior compromise.
  6. Rotate all credentials stored in n8n — API keys, database passwords, OAuth tokens — if exploitation is suspected, as these are accessible to expression code.
  7. Review server logs for unexpected child process executions from the n8n process, unusual outbound connections, or new files in the n8n working directory.
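To make remediation items 1, 2 and 5 concrete, the following JavaScript triage helper is added here as an example; it is not part of n8n and not the advisory author's code. It checks a version string against the affected range stated above (>= 0.211.0 and < 1.120.4) and scans an exported workflow for the expression indicators listed in item 5. It assumes, which the page does not state, that an exported workflow is a JSON object with a nodes array, that each node carries a parameters object, and that parameter values holding expressions are strings containing {{ ... }}; the sample workflow inside it is constructed. The indicator list is a triage heuristic: a match is a lead for human review, not proof of compromise.

```javascript
// Added example for triaging CVE-2025-68613. This is not n8n's own code.
// Assumptions (not stated on the page): an exported n8n workflow is a JSON
// object with a `nodes` array, each node carrying a `parameters` object, and
// parameter values that are expressions are strings containing `{{ ... }}`.
// The sample workflow at the bottom is constructed for this example.

// Parse "MAJOR.MINOR.PATCH" (optional leading "v") into three integers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison of two version strings: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Affected range from the advisory: >= 0.211.0 and < 1.120.4.
// The fixed releases 1.120.4, 1.121.1 and 1.122.0 fall outside it.
function isVulnerableVersion(version) {
  return compareVersions(version, '0.211.0') >= 0 &&
         compareVersions(version, '1.120.4') < 0;
}

// Indicators from remediation item 5: process, require, child_process and
// shell command references (plus the global `this` the advisory mentions).
// These are triage heuristics, not proof of compromise: a field literally
// named "process" also matches, so every hit needs a human look.
const SUSPICIOUS_PATTERNS = [
  { name: 'process global', re: /\bprocess\b/ },
  { name: 'require()', re: /\brequire\s*\(/ },
  { name: 'child_process module', re: /child_process/ },
  { name: 'global this', re: /\bthis\b/ },
  { name: 'shell command reference', re: /\b(?:exec|execSync|spawn|spawnSync)\s*\(|\/bin\/(?:ba)?sh\b/ },
];

// Yield every string value under `value`, with a dotted path for reporting.
function* walkStrings(value, path = '') {
  if (typeof value === 'string') {
    yield { path, value };
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkStrings(value[i], `${path}[${i}]`);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* walkStrings(v, path ? `${path}.${k}` : k);
  }
}

// Scan one exported workflow and return a finding per (node, parameter,
// indicator) triple. Only strings that carry an expression ({{ ... }}) are
// inspected; plain literals are skipped.
function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    for (const { path, value } of walkStrings(node.parameters || {})) {
      if (!value.includes('{{')) continue;
      for (const { name, re } of SUSPICIOUS_PATTERNS) {
        if (re.test(value)) {
          findings.push({ node: node.name, parameter: path, indicator: name, expression: value });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: two benign expressions and one that references the
// primitives named in the advisory.
const SAMPLE_WORKFLOW = {
  name: 'constructed sample workflow',
  nodes: [
    { name: 'Greet', type: 'n8n-nodes-base.set',
      parameters: { values: { string: [{ name: 'greeting', value: '=Hello {{ $json.firstName }}' }] } } },
    { name: 'Fetch user', type: 'n8n-nodes-base.httpRequest',
      parameters: { url: '=https://api.example.invalid/users/{{ $json.id }}' } },
    { name: 'Tampered node', type: 'n8n-nodes-base.set',
      parameters: { values: { string: [{ name: 'x', value: '={{ process.mainModule.require("child_process") }}' }] } } },
  ],
};

// Run stand-alone: report version status and any findings.
console.log('1.120.3 vulnerable?', isVulnerableVersion('1.120.3'));  // true
console.log('1.120.4 vulnerable?', isVulnerableVersion('1.120.4'));  // false
for (const f of auditWorkflow(SAMPLE_WORKFLOW)) {
  console.log(`[${f.indicator}] node "${f.node}" parameter ${f.parameter}: ${f.expression}`);
}
```

In practice, feed auditWorkflow() each workflow exported from the instance (or read from the n8n database) and treat the output as a review queue; the version check belongs in the same inventory pass so that unpatched hosts and suspicious workflows are reported together.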

Key Details

CVE ID: CVE-2025-68613
Vendor / Product: n8n — n8n
NVD Published: 2025-12-19
NVD Last Modified: 2026-03-11
CVSS 3.1 Score: 9.9
CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL
CWE: CWE-913
CISA KEV Added: 2026-03-11
CISA KEV Deadline: 2026-03-25
Known Ransomware Use: No

CVSS 3.1 Breakdown

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Required Action

CISA BOD 22-01 Deadline: 2026-03-25. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Timeline

2025-12-19: CVE published; GitHub security advisory GHSA-v98v-ff95-f3cp released
2025-12-25: Active exploitation spike detected (Christmas 2025)
2026-03-11: Added to CISA Known Exploited Vulnerabilities catalog; 24,700+ unpatched instances still exposed
2026-03-25: CISA BOD 22-01 remediation deadline