A severe security vulnerability in n8n, the rapidly growing open-source automation platform, has left thousands of self-hosted servers vulnerable to complete remote takeover. The flaw, tracked as CVE-2025-68613 and carrying a maximum CVSS score of 10, represents one of the most dangerous threats to emerge in the workflow automation space this year.
The timing couldn't be worse. n8n recently raised €55 million in Series B funding and now serves over 3,000 enterprise customers with approximately 200,000 active users. The platform's adoption has exploded throughout 2025, with major hosting providers like Hostinger, Kamatera, and ScalaHosting now offering dedicated n8n VPS plans as businesses rush to implement AI-powered automation workflows.
The vulnerability lies deep within n8n's expression evaluation system, where authenticated users can inject malicious code during workflow configuration.
Unlike typical security flaws that require complex exploitation chains, this weakness allows attackers with basic login credentials to execute arbitrary commands with full system privileges. Security researcher fatihhcelik discovered the flaw, which affects all n8n versions from 0.211.0 through 1.120.3.
What makes this particularly dangerous is the platform's deployment model. Many organizations choose n8n specifically for self-hosting capabilities to maintain data sovereignty and comply with regulations like GDPR. These self-hosted instances, if compromised, could expose sensitive internal workflows, API credentials for connected services, and potentially provide attackers with a foothold into corporate networks.
The attack vector is deceptively simple. An attacker needs only valid user credentials—which could be obtained through phishing, credential stuffing, or exploiting weak passwords on exposed instances. Once authenticated, they can craft specially designed workflow expressions that break out of n8n's execution sandbox. From there, full system compromise follows: data exfiltration, workflow manipulation, lateral movement across networks.
n8n responded swiftly, releasing patched versions 1.122.0, 1.121.1, and 1.120.4 within hours of disclosure. The company has implemented additional runtime safeguards to isolate expression evaluation from the underlying system.
However, with many organizations running n8n on VPS or cloud hosting environments where manual updates are required, the patching process may lag.
For administrators unable to immediately upgrade, n8n recommends strict access controls: limit workflow creation and editing permissions exclusively to trusted users, deploy instances in hardened environments with restricted OS privileges, and implement network segmentation. These measures, while helpful, represent incomplete protection against a vulnerability this severe.
The incident highlights a broader challenge as automation platforms become critical infrastructure. Around 75% of n8n's customers now use the platform's AI integration features, connecting it to language models, vector databases, and proprietary systems. A compromised n8n instance isn't just a server breach—it's a potential gateway to an organization's entire automation ecosystem.
Organizations running n8n should treat this as a drop-everything priority. Check your version immediately (navigate to Settings → About), schedule maintenance windows for testing, and upgrade to version 1.122.0 or later. For those on older versions, the jump to 1.120.4 or 1.121.1 provides equivalent protection. Audit workflow permissions, review authentication logs for suspicious activity, and consider implementing additional monitoring on n8n servers until patches are deployed.
As workflow automation becomes indispensable, vendors and users alike must recognize these platforms as high-value attack surfaces. n8n's rapid response deserves credit, but this incident serves as a wake-up call: the tools connecting our digital operations require the same security rigor we apply to databases, authentication systems, and production infrastructure.