A critical vulnerability has been discovered in n8n, the popular open-source workflow automation platform, enabling authenticated attackers to execute arbitrary commands on host systems.
The vulnerability, tracked as CVE-2025-68668, carries a CVSS score of 9.9 out of 10, placing it in the Critical range.
The security weakness stems from a sandbox-bypass issue in n8n’s Python Code Node, which uses Pyodide for code execution.
This flaw allows authenticated users with workflow-creation or modification permissions to bypass the intended security sandbox.
| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-68668 |
| Package | n8n (npm) |
| Severity | Critical (9.9/10 CVSS) |
| Affected Versions | ≥ 1.0.0 and < 2.0.0 |
| Vulnerability Type | Sandbox Bypass / Protection Mechanism Failure (CWE-693) |
| Attack Vector | Network |
| Impact | Arbitrary command execution on the host system |
Successful exploitation lets an attacker execute arbitrary commands directly on the host running n8n, with the privileges of the n8n process.
The affected range covers the whole 1.x line (the article cites 1.0.0 through 1.111.0); only 2.0.0 and later contain the fix, leaving a wide range of deployments exposed to potential compromise.
The attack is low-complexity and requires no user interaction; the attacker needs only network access to the n8n instance and a low-privileged account that can create or modify workflows, which corresponds to the CVSS vector components AV:N/AC:L/PR:L/UI:N.
Exploiting CVE-2025-68668 can lead to complete system compromise, as attackers can execute commands with n8n process privileges.
The vulnerability’s “Changed” scope classification indicates that the impact extends beyond the vulnerable component itself and may affect resources outside n8n’s security scope.
The weakness is categorized as CWE-693 (Protection Mechanism Failure), indicating that n8n’s security controls did not provide adequate defense against directed attacks targeting the Python execution environment.
n8n has addressed this critical vulnerability in version 2.0.0 by implementing a task-runner-based native Python execution model that provides enhanced isolation.
Organizations running affected versions should immediately upgrade to version 2.0.0 or later. According to n8n advisories posted on GitHub, organizations unable to upgrade immediately can mitigate risk by applying temporary workarounds.
Three workarounds are listed, any one of which closes the Pyodide execution path. Disable the Code Node entirely by adding n8n-nodes-base.code to the NODES_EXCLUDE environment variable; note that this also removes JavaScript Code Nodes, since both languages run in the same node type. Disable Python support alone by setting N8N_PYTHON_ENABLED=false, which only takes effect from version 1.104.0 onward (older builds ignore the variable, so this workaround does not apply to them). Or move Python into the task-runner-based sandbox by setting the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables, the same isolation model that 2.0.0 makes the default.
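The following is an added example, not code from n8n or from the advisory, showing how to turn the facts above into a quick audit of a deployment's environment. It reads KEY=VALUE text (an .env file or the Env section of `docker inspect`) and reports whether the Pyodide-based Python path is still reachable, applying the version gate on N8N_PYTHON_ENABLED that the advisory calls out. It assumes the running version is present as a hypothetical N8N_VERSION variable; a real audit would take it from the image tag or `n8n --version`.

```shell
#!/bin/sh
# Added example (not n8n project code): decide whether an n8n 1.x deployment is
# still exposed to CVE-2025-68668, using only the facts in the advisory:
#   - affected range is the 1.x line (>= 1.0.0, < 2.0.0), fixed in 2.0.0
#   - NODES_EXCLUDE containing "n8n-nodes-base.code" removes the Code Node
#   - N8N_PYTHON_ENABLED=false disables Python, but only from 1.104.0
#   - N8N_RUNNERS_ENABLED=true plus N8N_NATIVE_PYTHON_RUNNER=true moves Python
#     into the task-runner sandbox
# Input is KEY=VALUE text (an .env file, `docker inspect` Env, etc.).
# Assumption: the running version is supplied as N8N_VERSION in that text; a
# real audit would take it from the image tag or `n8n --version` instead.

# Print the last value set for key $2 in env text $1 (empty if unset).
n8n_env_get() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | tail -n 1
}

# Print one status token for the deployment described by env text $1.
n8n_cve_2025_68668_status() {
    env_text=$1
    ver=$(n8n_env_get "$env_text" N8N_VERSION)
    if [ -z "$ver" ]; then
        echo "unknown:N8N_VERSION-missing"
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}

    # Only the 1.x line ships the Pyodide-based Code Node path.
    case "$major" in
        1) ;;
        *) echo "outside-affected-range:$ver"; return 0 ;;
    esac

    # Workaround 1: Code Node excluded. NODES_EXCLUDE is a JSON array of node
    # type names, so the quoted form is matched. This also removes JS Code Nodes.
    if printf '%s' "$(n8n_env_get "$env_text" NODES_EXCLUDE)" \
            | grep -q '"n8n-nodes-base\.code"'; then
        echo "mitigated:code-node-excluded"
        return 0
    fi

    # Workaround 2: Python switched off. The flag only exists from 1.104.0, so
    # on older builds setting it is a no-op and the host stays exposed.
    if [ "$(n8n_env_get "$env_text" N8N_PYTHON_ENABLED)" = "false" ]; then
        if [ "$minor" -ge 104 ]; then
            echo "mitigated:python-disabled"
        else
            echo "exposed:N8N_PYTHON_ENABLED-ignored-before-1.104.0"
        fi
        return 0
    fi

    # Workaround 3: native Python task runner (the model 2.0.0 makes default).
    if [ "$(n8n_env_get "$env_text" N8N_RUNNERS_ENABLED)" = "true" ] &&
       [ "$(n8n_env_get "$env_text" N8N_NATIVE_PYTHON_RUNNER)" = "true" ]; then
        echo "mitigated:native-python-runner"
        return 0
    fi

    echo "exposed:upgrade-to-2.0.0"
    return 0
}

# Constructed sample: a 1.x build that predates N8N_PYTHON_ENABLED, with the
# flag set anyway. The flag is ignored there, so the host is still exposed.
sample=$(printf 'N8N_VERSION=1.100.0\nN8N_PYTHON_ENABLED=false\n')
n8n_cve_2025_68668_status "$sample"   # prints exposed:N8N_PYTHON_ENABLED-ignored-before-1.104.0
```

The order of the checks is deliberate: excluding the node type is the broadest control and wins outright, the Python flag is only honoured on builds that know it, and the task-runner pair is accepted only when both variables are set, since the native runner does nothing unless runners are enabled.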
