A major security flaw has been detected in the n8n automation platform, potentially exposing thousands of systems worldwide to attacks. This vulnerability, which could allow unauthorized code execution, poses a direct threat to organizations using this software to manage their business processes. Discover the details of this flaw and the measures to take to secure your systems.
The 3 must-know facts
– A critical vulnerability has been identified in the n8n platform, allowing arbitrary code execution.
– The flaw affects all versions from 0.211.0 to 1.120.3 inclusive, and its patch is available starting from version 1.120.4.
– More than 103,000 environments are exposed, with 10,150 vulnerable installations in France.
Understanding the n8n security flaw
The n8n automation platform is under the spotlight due to a critical vulnerability identified under the code CVE-2025-68613. This security flaw, which received an alarming CVSS score of 9.9 out of 10, was highlighted by a security researcher. It could allow an attacker to exploit code execution in an insufficiently secured environment.
Concretely, this flaw occurs when a user, during the configuration of a workflow, inserts code or instructions that can be executed with elevated privileges. This gives an attacker the ability to exploit the system with the same rights as the n8n process.
Affected versions and available patch
All versions of n8n from 0.211.0 to 1.120.3 inclusive are affected by this security issue. Developers quickly responded by releasing patches in versions 1.120.4, 1.121.1, and 1.122.0. System administrators are therefore strongly encouraged to proceed with this update without delay to protect their infrastructures.
Immediate security recommendations
For those who cannot apply the update immediately, it is advised to restrict the creation and modification of workflows to trusted users only. Additionally, running n8n in a highly secured environment with limited system rights and network access is strongly recommended to mitigate potential risks.
Global impact and situation in France
According to data provided by Censys, the security flaw could affect more than 103,000 n8n deployments worldwide. The United States, Germany, and France are among the most affected countries, with 28,000, 17,651, and 10,150 vulnerable installations respectively. This figure underscores the importance for French organizations to take swift measures to secure their systems.
About n8n
Launched in 2019, n8n is an open-source workflow automation platform that allows users to connect various applications and services to automate complex tasks. Known for its flexibility and ability to be self-hosted, n8n has gained popularity among developers and businesses looking to streamline their business processes. The recent vulnerability highlights the security challenges inherent in widely deployed software systems and the importance of ongoing vigilance in cybersecurity.