The popular workflow automation tool n8n has issued a critical security alert after discovering a vulnerability that could allow attackers to seize complete control of the platform. Tracked as CVE-2025-68613, the flaw has been assigned the maximum possible CVSS score of 10.0, signaling an immediate and catastrophic risk to unpatched instances.
The vulnerability, described as a Remote Code Execution (RCE) via Expression Injection, turns the platform’s greatest strength—its flexibility—into a critical weakness.
n8n is popular with technical teams for “giving technical teams the flexibility of code with the speed of no-code”. However, this flexibility relies on the ability to evaluate dynamic expressions as part of workflow configuration.
According to the advisory, the vulnerability exists within this “workflow expression evaluation system”. Under certain conditions, expressions provided by an authenticated user are “evaluated in an execution context that is not sufficiently isolated from the underlying runtime”.
In simple terms, the sandbox meant to contain these user-defined scripts has a leak. An attacker who can log in and configure a workflow can inject malicious code that escapes the n8n environment and executes directly on the server.
Because the injected code runs with the same privileges as the n8n process itself, a successful exploit grants the attacker the keys to the kingdom.
The advisory warns that exploitation can lead to a “full compromise of the affected instance”. This includes:
- Data Theft: “Unauthorized access to sensitive data”.
- Sabotage: “Modification of workflows”.
- Server Takeover: “Execution of system-level operations”.
Given that n8n often sits at the center of an organization’s stack—connecting databases, CRMs, and APIs—a compromise here could facilitate lateral movement across the entire network.
The maintainers have released a fix in n8n v1.122.0 and are urging all users to upgrade immediately to receive the “additional safeguards to restrict expression evaluation”.
For organizations that cannot take the platform offline for an immediate upgrade, two temporary workarounds are suggested, though they “do not fully eliminate the risk”:
- Restrict Access: “Limit workflow creation and editing permissions to fully trusted users only”. Since the attack requires authentication, this shrinks the attack surface.
- Harden the Environment: Deploy n8n in a locked-down environment with restricted OS privileges and limited network access to minimize the blast radius if an exploit occurs.
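As an illustration of the upgrade plus the second workaround, here is a Docker Compose fragment written for this article (it is not from the advisory or the n8n project). It pins the fixed release, runs the container as an unprivileged user with a read-only root filesystem and no Linux capabilities, and binds the UI to loopback so that only a local reverse proxy can reach it; the image name, the `node` user, port 5678 and the `/home/node/.n8n` data path follow the official n8n image, and the Docker-level restrictions are the assumed hardening choices, not a complete policy.

```yaml
# Added example: hardened n8n deployment on the fixed release (not from the advisory).
services:
  n8n:
    # Pin the release that carries the fix for CVE-2025-68613; avoid floating tags.
    image: docker.n8n.io/n8nio/n8n:1.122.0
    restart: unless-stopped
    # Run as the unprivileged user the official image ships with, never as root.
    user: "node"
    # Workaround 2: restrict OS privileges so an escaped expression has little to work with.
    read_only: true
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    # The only writable paths: the n8n data directory and a small, noexec scratch space.
    volumes:
      - n8n_data:/home/node/.n8n
    tmpfs:
      - /tmp:rw,noexec,nosuid,size=64m
    # Limit the blast radius of a runaway or malicious execution.
    deploy:
      resources:
        limits:
          cpus: "1.0"
          memory: 1g
    # Limited network exposure: publish only on loopback and terminate TLS/auth at a
    # reverse proxy; outbound traffic is filtered at the host firewall or egress proxy
    # (assumed to be configured separately).
    ports:
      - "127.0.0.1:5678:5678"
    environment:
      # Defence in depth for user-supplied code: block process.env access from the
      # Code node and allow no external npm modules (n8n settings, not the CVE fix).
      - N8N_BLOCK_ENV_ACCESS_IN_NODE=true
      - NODE_FUNCTION_ALLOW_EXTERNAL=
      - N8N_PROTOCOL=http
      - N8N_PORT=5678

volumes:
  n8n_data:
```

Together with workaround 1 (restricting workflow edit rights to trusted accounts), this confines what an injected expression can reach; it is no substitute for running the patched version.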