Full Report
A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure. It affects n8n versions from
Analysis Summary
# Vulnerability: Critical RCE via Sandbox Bypass in n8n Python Code Node
## CVE Details
- CVE ID: CVE-2025-68668
- CVSS Score: 9.9 (Critical)
- CWE: Protection Mechanism Failure
## Affected Systems
- Products: n8n (Open-source workflow automation platform)
- Versions: 1.0.0 up to, but not including, 2.0.0
- Configurations: Affects installations utilizing the Python Code Node.
## Vulnerability Description
The vulnerability stems from a sandbox bypass flaw within the Python Code Node, which leverages Pyodide. An **authenticated attacker** who has permissions to create or modify workflows can exploit this flaw to execute arbitrary operating system commands on the host running n8n. The commands will execute with the same privileges as the n8n process itself.
## Exploitation
- Status: Not explicitly stated as exploited in the wild; the severity and disclosure context imply that a PoC exists.
- Complexity: Not explicitly stated; for an authenticated user who can create or modify workflows, reaching command execution generally implies low to medium complexity.
- Attack Vector: Local (Requires prior authentication to the n8n platform)
## Impact
- Confidentiality: High (Potential theft of system secrets)
- Integrity: High (Potential modification or corruption of system files)
- Availability: High (Potential denial of service or system compromise)
## Remediation
### Patches
- **Fixed in n8n version 2.0.0 and later.**
- For users on versions prior to 2.0.0, enabling the enhanced task runner-based native Python implementation (introduced in v1.111.0) is recommended as an interim measure before updating to 2.0.0.
### Workarounds
If immediate patching to 2.0.0 is not possible, apply the following environment variable configurations:
1. **Disable the Code Node entirely:** Set `NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]"`
2. **Disable Python support in the Code Node:** Set `N8N_PYTHON_ENABLED=false`
3. **Enable Native Python Runner (if applicable):** Configure `N8N_RUNNERS_ENABLED` and `N8N_NATIVE_PYTHON_RUNNER` environment variables to use the more isolated task runner implementation.
## Detection
- **Pre-Patch Detection:** Monitor n8n process activity for unexpected outbound connections or execution of system binaries originating from workflows involving the Python Code Node.
- **Mitigation Implementation Detection:** Verify the presence and correct setting of the workaround environment variables (`NODES_EXCLUDE`, `N8N_PYTHON_ENABLED`).
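As an added example (not part of the advisory or of n8n itself), the following script implements the "Mitigation Implementation Detection" check above: it reads an environment dump of a running n8n instance and reports which of the three workarounds are actually in effect. The variable names are those given in the Workarounds section; the check logic and the sample dump are this script's own.

```shell
#!/bin/sh
# Added example, not part of the advisory: report which CVE-2025-68668
# workarounds an n8n deployment's environment actually carries. Input is a
# KEY=VALUE env dump, e.g. from `docker exec <n8n> env` or
# `tr '\0' '\n' < /proc/<n8n-pid>/environ`. Variable names are the advisory's.

# Print the value of variable $1 from the env dump on stdin (empty if unset).
env_value() {
    grep "^$1=" | head -n 1 | cut -d= -f2-
}

# Print one line per workaround; return 0 if at least one is in place, else 1.
# $1 is the path to the env dump.
check_n8n_mitigations() {
    exclude=$(env_value NODES_EXCLUDE < "$1")
    python_enabled=$(env_value N8N_PYTHON_ENABLED < "$1")
    runners=$(env_value N8N_RUNNERS_ENABLED < "$1")
    native=$(env_value N8N_NATIVE_PYTHON_RUNNER < "$1")
    status=1
    # 1. Code Node excluded entirely (NODES_EXCLUDE is a JSON array of node types).
    case "$exclude" in
        *n8n-nodes-base.code*) echo "OK   Code Node excluded via NODES_EXCLUDE"; status=0 ;;
        *) echo "MISS NODES_EXCLUDE does not list n8n-nodes-base.code" ;;
    esac
    # 2. Python disabled in the Code Node, so the Pyodide path is unreachable.
    if [ "$python_enabled" = "false" ]; then
        echo "OK   N8N_PYTHON_ENABLED=false"; status=0
    else
        echo "MISS N8N_PYTHON_ENABLED is '${python_enabled:-unset}'"
    fi
    # 3. Native Python task runner used instead of the in-process Pyodide sandbox.
    if [ "$runners" = "true" ] && [ "$native" = "true" ]; then
        echo "OK   native Python task runner enabled"; status=0
    else
        echo "MISS N8N_RUNNERS_ENABLED='${runners:-unset}' N8N_NATIVE_PYTHON_RUNNER='${native:-unset}'"
    fi
    return $status
}

# Stand-alone use: `sh check_n8n.sh env.txt`. Without an argument a constructed
# sample dump with no workaround applied is checked, so the script runs offline.
if [ "$#" -gt 0 ]; then dump_file="$1"; else
    dump_file=$(mktemp); printf 'N8N_PORT=5678\nN8N_PYTHON_ENABLED=true\n' > "$dump_file"
fi
if check_n8n_mitigations "$dump_file"; then
    echo "VERDICT: workaround present; upgrading to n8n 2.0.0 remains the fix"
else
    echo "VERDICT: no workaround found; upgrade to n8n 2.0.0"
fi
```

A workaround being present does not make the instance patched; pair this check with the version check against 2.0.0.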
## References
- Vendor Advisory (GitHub): hxxps://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v
- NVD Entry: hxxps://nvd.nist.gov/vuln/detail/CVE-2025-68668