
CVE-2025-68668 n8n Vulnerability

Cybersecurity researchers have disclosed a severe new vulnerability in n8n, the popular open-source workflow automation platform. The flaw could allow an authenticated attacker to run arbitrary operating system commands on the underlying server, potentially leading to full system compromise.

The issue is tracked as CVE-2025-68668 and carries a CVSS score of 9.9, placing it firmly in the critical severity category. It has been classified as a protection mechanism failure.

Who Is at Risk and Why It Matters

This vulnerability impacts n8n versions 1.0.0 up to (but not including) 2.0.0. Any authenticated user who has permission to create or modify workflows could exploit the flaw to execute system-level commands with the same privileges as the n8n process.

The weakness stems from a sandbox bypass in the Python Code Node that relies on Pyodide. By abusing this component, an attacker can escape the intended execution environment and interact directly with the host operating system.

The problem has been fully patched in n8n version 2.0.0.

Technical Breakdown: Python Sandbox Escape

According to the official advisory, the Python Code Node’s sandboxing controls were insufficient, enabling attackers to bypass restrictions and trigger arbitrary command execution. This dramatically increases the risk profile of affected systems, especially in environments where multiple users can design or edit workflows.

n8n’s Security Enhancements and Long-Term Fix

In response to broader sandboxing concerns, n8n introduced a task runner–based native Python execution model in version 1.111.0 as an optional, more securely isolated feature. This model can be enabled using the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.

With the release of version 2.0.0, this safer implementation is now enabled by default, effectively closing the vulnerability.

Recommended Mitigations for Unpatched Systems

Until upgrading to version 2.0.0 is possible, n8n advises applying the following temporary safeguards:

Disable the Code Node entirely by setting:
NODES_EXCLUDE: ['n8n-nodes-base.code']

Turn off Python support in the Code Node by setting:
N8N_PYTHON_ENABLED=false

Force use of the task runner–based Python sandbox via:
N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER

These steps significantly reduce the risk of sandbox escape and command execution.
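To turn the mitigation list above into a check an administrator can run against a deployment, here is an added shell example (not code from the advisory or from n8n). It takes the instance's version string and the values of the four environment variables the advisory names, reports whether the instance is in the affected range, and whether at least one interim mitigation is in effect; it assumes, since the page does not state the value, that the task-runner variables are enabled by setting them to "true", and it only credits that mitigation from 1.111.0 onward, where the page says the feature was introduced.

```shell
#!/bin/sh
# Added example, not the advisory's or n8n's own code. Assumption (not stated
# on the page): N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER are switched
# on with the value "true".

# Return 0 when version "$1" (e.g. "1.111.0") is in 1.0.0 <= v < 2.0.0.
n8n_version_affected() {
    case "${1%%.*}" in
        1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the minor number of version "$1" (111 for 1.111.0), or 0 if absent.
n8n_minor() {
    rest=${1#*.}
    [ "$rest" = "$1" ] && { echo 0; return 0; }
    echo "${rest%%.*}"
}

# Args: version N8N_PYTHON_ENABLED NODES_EXCLUDE N8N_RUNNERS_ENABLED N8N_NATIVE_PYTHON_RUNNER
# Return 0 when at least one interim mitigation from the advisory applies.
n8n_mitigated() {
    version=$1; python_enabled=$2; nodes_exclude=$3; runners=$4; native_runner=$5
    # 1. Python support in the Code Node switched off.
    [ "$python_enabled" = "false" ] && return 0
    # 2. The Code Node excluded entirely (its type name listed in NODES_EXCLUDE).
    case "$nodes_exclude" in
        *n8n-nodes-base.code*) return 0 ;;
    esac
    # 3. Task-runner Python sandbox forced on; only available from 1.111.0 onward.
    [ "$runners" = "true" ] && [ "$native_runner" = "true" ] &&
        [ "$(n8n_minor "$version")" -ge 111 ] && return 0
    return 1
}

# Print a one-line verdict; return 0 when no action is needed, 1 when exposed.
n8n_exposure_status() {
    if ! n8n_version_affected "$1"; then
        echo "n8n $1: outside the affected range 1.0.0 <= v < 2.0.0"
        return 0
    fi
    if n8n_mitigated "$@"; then
        echo "n8n $1: affected, interim mitigation set; still upgrade to 2.0.0"
        return 0
    fi
    echo "n8n $1: affected and unmitigated; apply a mitigation or upgrade to 2.0.0"
    return 1
}
```

On a deployment host, call `n8n_exposure_status` with the installed version and the four variables read from the n8n process environment, e.g. `n8n_exposure_status "1.111.0" "$N8N_PYTHON_ENABLED" "$NODES_EXCLUDE" "$N8N_RUNNERS_ENABLED" "$N8N_NATIVE_PYTHON_RUNNER"`.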

Part of a Concerning Trend

This disclosure follows closely on the heels of another critical n8n vulnerability, CVE-2025-68613 (also rated 9.9 CVSS), which could likewise lead to arbitrary code execution under certain conditions. Together, these issues highlight the urgent need for administrators to prioritize upgrades and restrict workflow permissions.
