CVE-2025-68613 (CVSS 9.9): Remote Code Execution via Expression Injection in n8n


Key Takeaways

  • Critical RCE Vulnerability: CVE-2025-68613 is a severe Remote Code Execution (RCE) flaw (CVSS 9.9) in the n8n workflow automation platform, stemming from improper expression injection.
  • Low-Privilege Exploitation: Authenticated users, even those with minimal permissions to create or edit workflows, can exploit this vulnerability to execute arbitrary code on the underlying server.
  • Sandbox Escape: The flaw allows attackers to escape n8n’s intended sandbox, gaining access to Node.js global objects and internal APIs like `child_process` for system command execution.
  • Widespread Impact: Successful exploitation leads to severe breaches of confidentiality, integrity, and availability, risking sensitive data exfiltration, workflow tampering, and operational disruption across an organization’s IT supply chain.
  • Urgent Remediation: Immediate upgrade to patched n8n versions (1.120.4, 1.121.1, or 1.122.0 and later) is imperative, complemented by strong access controls, continuous monitoring, and robust incident response strategies.

CVE-2025-68613: Remote Code Execution via Expression Injection in n8n

The workflow automation platform n8n recently disclosed a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-68613. This flaw resides within its server-side expression evaluation engine, enabling authenticated users, even those with low-privilege permissions, to execute arbitrary code on the underlying server. This capability arises from the malicious injection of JavaScript expressions into workflows, which allows an attacker to escape the intended sandbox environment and interact with the Node.js runtime with the privileges of the n8n process.

Research indicates that 103,476 n8n instances across the internet were potentially vulnerable, distributed globally. Given n8n’s role in combining AI capabilities with business process automation and its extensive integrations (over 400 third-party solutions), a successful compromise carries significant implications for enterprise environments, potentially leading to widespread data breaches and malicious code distribution. Such platforms are integral to the modern IT supply chain, and their vulnerabilities represent a new vector for threat actors. The vulnerability received a CVSS score of 9.9 (Critical), reflecting its low attack complexity, severe impact, and its effect on core application functionality.

PurpleOps understands the criticality of such vulnerabilities and the need for timely assessment, remediation, and breach prevention. The timing of detected exploitation spikes, particularly around holiday periods, underscores the importance of continuous monitoring and proactive security measures.

Executive Summary

CVE-2025-68613 is a critical Remote Code Execution (RCE) vulnerability affecting the n8n workflow automation platform’s server-side expression evaluation engine. This flaw permits authenticated users to inject malicious JavaScript expressions into workflows, enabling them to escape the application’s intended sandbox and execute arbitrary code with the privileges of the n8n process. Since expressions are evaluated on the server, successful exploitation leads to the complete compromise of the n8n instance.

Attackers, even those with limited permissions to create or edit workflows, can leverage this vulnerability to execute operating-system commands, exfiltrate sensitive secrets (such as API keys, tokens, and passwords), read or modify files on the host system, and ultimately gain full control of the underlying server. The CVSS score of 9.9 (Critical) reflects the vulnerability’s low attack complexity and high impact. The widespread deployment of n8n makes this a significant concern for organizations reliant on automated processes. Exploitation of this RCE can lead to extensive data breaches and the deployment of persistent backdoors, with potentially long-lasting consequences for affected enterprises.

Vulnerability Overview

n8n – Workflow Automation Platform

n8n is an open-source workflow automation platform operating under a fair-code license. It enables technical teams to connect various applications and services to create custom automated processes. The platform simplifies workflow design through visual graphs, where each node represents a specific task, such as making an API request, processing data, executing logic, or interacting with databases.

n8n integrates a low-code/no-code drag-and-drop interface with the flexibility of custom code execution, supporting both JavaScript and Python for advanced logic. This hybrid approach offers both the speed of no-code development and the power of traditional programming. Common use cases for n8n include data workflow automation, API orchestration, chatbot and AI pipeline development, IT/DevOps automation, and CRM/business process automation. Organizations can self-host n8n or use it as a cloud service, providing control over data and infrastructure.

How n8n Works

An n8n workflow functions as a directed graph of nodes. Each workflow initiates with a trigger node, which dictates when and how the workflow executes. Examples include webhook triggers, scheduled (cron) triggers, or event-based triggers from external services. Upon activation, n8n processes each connected node sequentially. Each node receives input data, performs a defined action (e.g., API calls, data transformation), and then passes its output to the subsequent node.

A typical workflow might involve a schedule trigger running daily, an HTTP request node fetching data from an external API, a function node processing or filtering this data, and finally, a Slack node sending a notification. All workflow executions are logged, allowing users to inspect input/output data per node, review execution history, and debug failed executions. Built on Node.js, n8n efficiently handles numerous concurrent executions.

n8n’s critical role in IT infrastructure stems from its integration capabilities, which connect databases with cloud services, automate data processing pipelines, and link CRMs, ERPs, and internal systems. It also manages sensitive data and API credentials, making vulnerabilities in the platform particularly dangerous: a compromise can grant attackers access to entire networks and sensitive information.

Affected and Fixed Versions

The CVE-2025-68613 vulnerability arises from improper sandboxing within the n8n expression evaluation engine and impacts multiple release branches.

Vulnerable Versions:

  • All n8n versions from 0.211.0 up to and including 1.120.3.
  • Version 1.121.0.
  • Early 1.122.x releases preceding 1.122.0.

Any n8n instance operating on a version earlier than the specified patched releases is susceptible to this vulnerability.

Patched Versions:
The issue has been resolved in the following releases:

  • 1.120.4: Patch for the 1.120.x branch.
  • 1.121.1: Patch for the 1.121.x branch.
  • 1.122.0 and later: The fully patched baseline moving forward.

Organizations must prioritize upgrading to these patched versions to mitigate the risk posed by CVE-2025-68613.

Understanding the Core Issue Using n8n Expressions

Step 1 – What Is an Expression?
In n8n, an expression is JavaScript code that evaluates to a value. These expressions are enclosed within {{ }} and executed server-side. For instance, {{ 2 + 2 }} would result in 4. n8n processes these expressions directly on the server, not within the user’s browser.

Step 2 – Expressions Can Contain Functions
JavaScript expressions are not limited to basic arithmetic; they can include function calls that execute immediately. An example is {{ (function () { return 10 + 5 })() }}, which yields 15. n8n’s design assumes expressions behave as safe calculators, but they are executed as actual JavaScript code.

Step 3 – JavaScript Functions Have a Context (this)
Every JavaScript function executes with a this context. A function such as showThis() that simply returns this yields window in a browser, but in a Node.js server environment it typically yields the global object, which contains process, setTimeout, and more. In n8n, evaluating {{ (function () { return this })() }} therefore exposes the Node.js runtime environment, including process, Buffer, and setTimeout. The this context is not empty; it is a real object containing runtime internals.

Step 4 – Why this Is Dangerous on the Server
Checking typeof this confirms it is an object: it is not empty, and it carries runtime data. This object exposes critical Node.js global components such as process (environment variables and execution context), require() (module loading), and other core runtime APIs. As a result, attacker-controlled expressions can load Node.js core modules, execute operating-system commands, access secrets and credentials, and modify runtime behavior. The expression, intended to be restricted, instead inherits the full Node.js global context.

Step 5 – How n8n Evaluates Expressions
Conceptually, n8n evaluates expressions using a mechanism similar to JavaScript’s eval() function, which executes code within the full execution context. If evaluateExpression("2 + 2") returns 4, this demonstrates the direct execution.

Step 6 – this Inside an Evaluated Expression
Combining the execution context with the this exposure, if evaluateExpression runs an expression like (function () { return this })(), the result is the Node.js global object. This is the core of the CVE: the Node.js global object, improperly exposed, provides access to process, require(), and other critical runtime APIs. This allows attacker-controlled expressions to load Node.js core modules, execute OS-level commands, and access sensitive data, bypassing the intended sandbox.

Step 7 – What n8n Expected vs Reality
n8n expected expressions like {{ (function () { return 1 + 1 })() }} to return simple numerical results (e.g., 2). However, due to the vulnerability, an expression like {{ (function () { return this })() }} actually returned the Node.js global object, demonstrating that the expression successfully escaped its intended sandbox boundary.
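To make Steps 3 to 7 concrete, the following added example (not n8n's code and not the project's evaluator) models an evaluator that runs an expression as ordinary sloppy-mode JavaScript, as the text describes, and contrasts it with compiling the expression in strict mode with this bound to a plain data object. The names evaluateSloppy, evaluateStrict and leaksHostGlobal are chosen here; the strict variant only changes what this resolves to, and named globals such as process remain reachable, which is why upgrading to a patched release is the remediation rather than any expression-level tweak.

```javascript
// Added example (not n8n's code): how `this` resolves when an expression is
// executed as real JavaScript, mirroring Steps 3 to 7 of the advisory.
// evaluateSloppy / evaluateStrict / leaksHostGlobal are names chosen here.

// Models the vulnerable behaviour: the expression is compiled with the
// Function constructor, whose body is sloppy-mode, so a function called with
// no receiver gets `this` === globalThis (the Node.js global object).
function evaluateSloppy(expr) {
  return new Function('return (' + expr + ');')();
}

// A narrowing, not a sandbox: compile in strict mode and bind `this` to a plain
// data object. In strict code an unbound call leaves `this` undefined, so
// `this.process` no longer reaches the host process object. Caveat: globals
// such as `process` are still reachable by name, so this does not close the
// CVE; only the vendor patch (1.120.4 / 1.121.1 / 1.122.0+) does.
function evaluateStrict(expr, data) {
  return new Function('"use strict"; return (' + expr + ');').call(data);
}

// Does an evaluation result hand back the host global object or its process?
function leaksHostGlobal(value) {
  return value === globalThis || value === globalThis.process;
}

const PROBE = '(function () { return this })()';
const data = Object.freeze({ result: 'workflow data only' });

const sloppy = evaluateSloppy(PROBE);
const strict = evaluateStrict(PROBE, data);

console.log('2 + 2 =', evaluateSloppy('2 + 2'));                        // 4
console.log('sloppy probe leaks host global:', leaksHostGlobal(sloppy)); // true
console.log('sloppy this.process type:', typeof sloppy.process);         // object
console.log('strict probe result:', strict);                             // undefined
console.log('strict top-level this is data:', evaluateStrict('this', data) === data); // true
console.log('process still named in strict:', evaluateStrict('typeof process', data)); // object
```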

How the Vulnerability Works

Step 1: Workflow Expression Evaluation
n8n utilizes JavaScript expressions, enclosed in {{ }}, to facilitate dynamic data processing and transformation within workflows. These expressions are evaluated server-side by Node.js during workflow execution.

  • Expected Behavior: Expressions should strictly operate on workflow data, without access to operating system resources, Node.js internals, or global objects. Their output should be safely returned to the workflow execution.
  • Actual Behavior (Vulnerable): Expressions execute within an improperly sandboxed context. User-controlled JavaScript gains access beyond mere workflow data, reaching Node.js runtime objects and internal APIs. This effectively breaks the boundary between “expression” and “server code.”

Step 2: Expression Injection
The vulnerability stems from the direct execution of expressions as JavaScript code rather than treating them as untrusted input. This permits an attacker to inject malicious logic instead of benign data manipulation.

  • Example (Malicious Expression): {{ require('child_process').execSync('id') }}. This payload is executed directly by Node.js when the workflow runs.
  • Why This Works: The require() function is available within the expression’s execution context. Node.js core modules are not adequately restricted, the expression engine fails to enforce a strict sandbox, and user-supplied expressions execute with the same privileges as the n8n service. This results in attacker-controlled input being processed as trusted server-side code.

Step 3: Code Execution (Internal Breakdown)

  • 1. Module Loading: require('child_process') loads Node.js’s built-in child_process module, designed for spawning and controlling OS-level processes. Access to this module should never be granted to untrusted input.
  • 2. Command Execution: execSync('id') executes the id command on the host operating system under the user account running the n8n service. This command executes synchronously, returning its output to JavaScript and subsequently back to the workflow.
  • 3. Example Output: uid=1000(n8n) gid=1000(n8n) groups=1000(n8n). This output confirms server-side command execution, attacker control over commands, and the exposure of the n8n process’s privilege level.

n8n Expression RCE Attack Flow

Step 1: Access
“Authenticated user creates or edits workflow”
This implies that an attacker does not require administrative or system-level access. Any user capable of creating or modifying workflows, including low-privileged users, those on shared n8n instances, compromised user accounts, or misconfigured deployments exposing editors, possesses sufficient permissions. Workflow editing is a standard feature, and no exploit is triggered at this stage, representing normal usage.

Step 2: Inject
“Attacker inserts specially crafted malicious expression into workflow”
The attacker inserts a JavaScript expression within {{ }}, but instead of standard data processing, the expression contains executable logic. An example payload is {{ require('child_process').execSync('id') }}. n8n treats this input as a valid expression without validation or sandbox enforcement, thus storing the malicious payload as part of the workflow.

Step 3: Escape
“Expression escapes intended sandbox environment”
This represents the core vulnerability. While expressions should only access workflow data and be denied access to Node.js internals or system APIs, the expression executes in an unsafe context. This grants access to require(), Node.js core modules, and global runtime objects, thereby bypassing the intended sandbox boundary. The underlying cause is insufficient isolation of the expression execution environment and a lack of restrictions on module loading and runtime access.

Step 4: Execute
“Arbitrary code execution with n8n process privilege”
The final outcome is the attacker executing operating system commands on the server. These commands run under the same OS user as the n8n process, as demonstrated by output such as uid=1000(n8n) gid=1000(n8n). This allows the attacker to read/write files, access secrets and credentials, execute additional payloads, and potentially achieve full server compromise.

Steps to Reproduce

Step 1 – Authenticate to n8n
Log in to the n8n web interface using a valid account. The vulnerability requires only the ability to create or edit workflows; administrator access is not necessary. This highlights that low-privileged authenticated users can exploit the vulnerability, significantly increasing risk in shared or multi-tenant environments.

Step 2 – Create a New Workflow
After logging in, create a new workflow by selecting “Add workflow” and then “Start from scratch.” This creates a blank workflow. No special configuration or existing workflow is required; the exploit functions within a default workflow setup.

Step 3 – Add the First Node
Add a “Manual Trigger” node as the first step. The Manual Trigger allows for on-demand execution of the workflow, and the exploit is triggered during this normal workflow execution.

Step 4 – Add a Data Processing Node
Add an “Edit Fields (Set)” node after the Manual Trigger, ensuring it is connected.

Step 5 – Configure the Set Node
Open the Set node, add a new field of type “String,” and name it “result.” Crucially, click the “=” icon to enable “Expression Mode,” which instructs n8n to interpret the value as JavaScript code rather than static data.

Step 6 – Inject the Malicious Expression
In the value field for the “result” field, inject the following payload:
{{ (function(){ return this.process.mainModule.require('child_process').execSync('cat /etc/passwd').toString() })() }}
This payload is executed server-side by n8n’s JavaScript expression engine when the workflow runs. Instead of being treated as data, the expression is executed as code, allowing the attacker to escape the intended sandbox and execute arbitrary commands on the underlying operating system. This works because expressions are evaluated using Node.js, the execution context is not properly sandboxed, and the JavaScript this context resolves to the Node.js global object, making internal runtime APIs accessible.

Step 7 – Execute the Workflow
Click “Execute step” and observe the output produced by the Set node. The output will contain the result of the command executed on the underlying operating system. This confirms exploitation because the command runs on the server with the same privileges as the n8n process, and its output is returned directly to the workflow.

How We Identified CVE-2025-68613 Using Nuclei

The vulnerability was identified using a Nuclei template, CVE-2025-68613.yaml. This template operates by:

  • Sending a specially crafted request that injects a safe test expression.
  • Forcing the n8n expression engine to evaluate server-side code.
  • Analyzing the response for specific indicators of successful expression execution.

The scan was executed by supplying n8n URLs via a target file: nuclei -t CVE-2025-68613.yaml -l targets.txt. This method allows for systematic scanning across numerous instances to detect the presence of the vulnerability.

Real-World Impact

Exploitation of CVE-2025-68613 results in a complete breakdown of trust boundaries within n8n, granting attackers the same authority as the automation platform itself. Given n8n’s common role as a central orchestration layer, connecting internal systems, cloud services, and third-party APIs, the impact of compromise often extends across an entire organization. This vulnerability directly compromises the Confidentiality, Integrity, and Availability (CIA) triad, each at a HIGH severity level.

Confidentiality
A successful exploit provides an attacker with unrestricted visibility into data processed and stored by n8n workflows. This includes:

  • API keys, OAuth tokens, database credentials, and service secrets.
  • Environment variables containing encryption keys and internal access tokens.
  • Workflow execution logs and historical data.
  • Sensitive business, customer, employee, or patient data traversing automation pipelines.

This level of data exposure necessitates a comprehensive cyber threat intelligence platform to detect and respond to such exfiltration attempts. Organizations must consider how their brand leak alerting systems would react to such a breach.

Integrity
Beyond data exposure, attackers can manipulate the automation logic, silently altering business processes. This could involve:

  • Modification of legitimate workflows to sabotage operations.
  • Injection of malicious expressions that corrupt or falsify data.
  • Manipulation of workflow outputs feeding downstream systems.
  • Deployment of persistent backdoors embedded within workflows, giving an attacker a durable foothold for follow-on activity.

Availability
Arbitrary code execution permits attackers to intentionally disrupt or disable automation services through:

  • Deletion or disabling of mission-critical workflows.
  • Modification of system files leading to application instability or crashes.
  • Resource exhaustion via malicious automation loops.
  • Ransom-style attacks demanding payment to restore operations, highlighting the need for real-time ransomware intelligence and potentially a live ransomware API for swift response.

In industries like healthcare, this could lead to unauthorized access to Protected Health Information (PHI), tampering with medical records, suppression of critical alerts, and disruption of automated healthcare processes. Effective PurpleOps Solutions are therefore paramount.

Prevention and Security Best Practices for n8n

Addressing CVE-2025-68613 requires a multi-faceted approach, combining immediate patching with foundational security practices. PurpleOps advises both technical and non-technical stakeholders to implement these measures.

1. Keep n8n Updated

  • Primary Remediation – Upgrade to Patched Versions: The definitive solution for CVE-2025-68613 is an immediate upgrade. n8n developers have implemented safeguards to prevent expressions from escaping their intended context. Upgrade to one of the following versions without delay across all n8n deployments: 1.120.4, 1.121.1, or 1.122.0 and later.
  • Enable automatic updates where feasible, and always test patches in a staging environment before deploying to production.

2. Access Control

  • Restrict Workflow Creation and Editing: Limit workflow creation and modification to a small, fully trusted group of users. Conduct regular audits of these permissions.
  • Use Principle of Least Privilege: Ensure that users, workflows, and processes possess only the minimum necessary access for their assigned roles.
  • Strong Authentication: Enforce strong passwords, enable two-factor authentication (2FA), and implement Single Sign-On (SSO) for enterprise deployments.
  • Regular Access Reviews: Periodically review user access and permissions to identify and address anomalies.

3. Temporary Mitigations (If Upgrade Is Not Immediately Possible)
These measures reduce risk but do not eliminate the vulnerability; they are for short-term use until an upgrade can be applied.

  • Environment Hardening: Run n8n with minimal operating system privileges, avoiding root or elevated accounts. Restrict outbound network connections to only essential services. Limit inbound access to the n8n interface to trusted IP addresses or via a VPN. Deploy n8n within containers (Docker) or virtual machines (VMs) with minimal OS installations for added isolation.

4. Workflow Management

  • Review workflows for suspicious logic or unexpected expressions.
  • Implement a code review process for all workflows containing custom expressions.
  • Use clear naming conventions to identify critical workflows.
  • Regularly back up workflows to prevent data loss or tampering.
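The review items above can be partly automated. The following added example (not n8n's code) walks an exported workflow JSON and flags expression-mode parameters containing the indicators this advisory describes (require(, child_process, execSync, process.mainModule, this.process, process.env). It assumes n8n's export format, in which expression-mode values are stored as strings prefixed with =, and the sample workflow is constructed here for illustration.

```javascript
// Added example (not n8n's code): scan an exported workflow JSON for
// expression-mode parameters carrying indicators of CVE-2025-68613 abuse.
// Assumption: n8n exports store expression-mode values as strings prefixed
// with "=", e.g. "={{ $json.name }}". scanWorkflow / walkStrings are names
// chosen here.

// Tokens taken from the payloads and impact discussion in this advisory.
const INDICATORS = [
  'require(',
  'child_process',
  'execSync',
  'process.mainModule',
  'this.process',
  'process.env',
];

// Constructed sample export: a Manual Trigger feeding an Edit Fields (Set)
// node. One assignment is a benign expression, one is static text, and the
// "result" field carries the expression quoted in the advisory.
const SAMPLE_WORKFLOW = {
  name: 'sample',
  nodes: [
    { name: 'Manual Trigger', type: 'n8n-nodes-base.manualTrigger', parameters: {} },
    {
      name: 'Edit Fields',
      type: 'n8n-nodes-base.set',
      parameters: {
        assignments: {
          assignments: [
            { name: 'greeting', type: 'string', value: '={{ $json.name.toUpperCase() }}' },
            { name: 'label', type: 'string', value: 'static text' },
            { name: 'result', type: 'string',
              value: "={{ require('child_process').execSync('id') }}" },
          ],
        },
      },
    },
  ],
  connections: {},
};

// Expression mode is marked by a leading "="; "{{" catches inline expressions.
function isExpression(value) {
  return typeof value === 'string' && (value.startsWith('=') || value.includes('{{'));
}

// Depth-first walk over any nested parameter structure, yielding [path, string].
function* walkStrings(value, path = []) {
  if (typeof value === 'string') {
    yield [path.join('.'), value];
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkStrings(value[i], [...path, String(i)]);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* walkStrings(v, [...path, k]);
  }
}

// Returns one finding per expression that matches at least one indicator.
function scanWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    for (const [path, text] of walkStrings(node.parameters || {})) {
      if (!isExpression(text)) continue;
      const indicators = INDICATORS.filter((ind) => text.includes(ind));
      if (indicators.length) {
        findings.push({ node: node.name, type: node.type, path, indicators, expression: text });
      }
    }
  }
  return findings;
}

for (const f of scanWorkflow(SAMPLE_WORKFLOW)) {
  console.log(`[${f.node}] ${f.path}: ${f.indicators.join(', ')} -> ${f.expression}`);
}
```

Feed it workflow JSON exported from the n8n UI and triage every finding against the workflow's intended purpose.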

5. Credential Management

  • Never embed credentials directly in workflows.
  • Use environment variables for all sensitive data.
  • Rotate credentials regularly to limit exposure.
  • Audit access to all credentials utilized by n8n.

6. Monitoring and Logging

  • Enable comprehensive audit logging for workflows, expression evaluations, and administrative actions.
  • Monitor for unusual activities or failed access attempts.
  • Set up alerts for suspicious operations to facilitate prompt response.
  • Regularly review and analyze logs to detect potential compromise, complementing advanced PurpleOps Solutions systems.

7. Network Security

  • Deploy n8n in isolated network segments.
  • Restrict network access to only required services.
  • Utilize VPN or firewall protections for remote access.
  • Monitor network traffic for anomalies or unauthorized connections, which is critical for detecting data exfiltration.

8. Incident Response

  • Maintain a documented incident response plan.
  • Define clear escalation procedures for security events.
  • Conduct regular security drills to ensure preparedness.

Conclusion

CVE-2025-68613 is a critical vulnerability within n8n’s expression evaluation engine that allows authenticated users, even those with minimal privileges, to execute arbitrary code on the server. This bypasses intended sandboxing, exposing the Node.js runtime, workflows, and the underlying system to full compromise.

The vulnerability carries severe consequences across confidentiality, integrity, and availability: sensitive data can be exfiltrated, workflows can be modified or corrupted, and critical automation processes can be disrupted. Real-world impacts range from regulatory violations and financial losses to reputational damage and operational paralysis across various industries.

The definitive remediation is an immediate upgrade to patched versions 1.120.4, 1.121.1, or 1.122.0 and later. While temporary mitigations, such as restricting workflow creation and enforcing least privilege, can reduce exposure, they do not eliminate the risk. PurpleOps emphasizes the importance of a layered security approach, incorporating continuous vulnerability assessment and advanced threat intelligence to protect critical infrastructure.

PurpleOps specializes in helping organizations navigate complex cybersecurity threats like CVE-2025-68613. Our cyber threat intelligence platform provides contextual awareness of emerging threats and attacker methodologies. Through our PurpleOps Solutions services, we identify and help remediate critical flaws before they can be exploited. Our dark web monitoring service and underground forum intelligence capabilities track threat actor discussions and early warnings of exploitation, including real-time ransomware intelligence that can inform proactive defenses against ransomware-style attacks. For comprehensive protection, PurpleOps offers solutions designed to protect your most critical assets.

FAQ

Q1: What is CVE-2025-68613?
A1: CVE-2025-68613 is a critical Remote Code Execution (RCE) vulnerability with a CVSS score of 9.9, affecting the n8n workflow automation platform. It allows attackers to inject malicious JavaScript expressions into workflows, leading to arbitrary code execution on the server.

Q2: Who can exploit this vulnerability?
A2: Any authenticated user with privileges to create or edit workflows can exploit CVE-2025-68613. This includes low-privileged users, making it a significant risk in shared or multi-tenant n8n environments.

Q3: Which n8n versions are affected, and how can I patch it?
A3: All n8n versions from 0.211.0 up to 1.120.3, version 1.121.0, and early 1.122.x releases are vulnerable. The issue has been resolved in versions 1.120.4, 1.121.1, and 1.122.0 and later. Immediate upgrade to one of these patched versions is the primary remediation.

Q4: What are the real-world impacts of exploiting CVE-2025-68613?
A4: Exploitation can lead to a complete compromise of the n8n instance and the underlying server. This results in severe confidentiality breaches (exfiltration of sensitive data like API keys, credentials), integrity issues (workflow tampering, data corruption), and availability disruptions (service outages, ransomware attacks). Its impact extends across an organization’s entire IT supply chain.

Q5: What security best practices should I follow for n8n?
A5: Beyond immediate patching, implement strong access controls (least privilege, 2FA, SSO), harden the n8n environment, regularly review workflows for suspicious logic, manage credentials securely (environment variables, rotation), enable comprehensive monitoring and logging, and enforce network security measures. A robust incident response plan is also crucial.