
CVE-2025-68613: Critical RCE in n8n via expression injection

Tal Zamir, Chief Technology Officer
December 25, 2025

In the current AI gold rush, teams are rapidly standing up automation, AI orchestration, and integration platforms to move faster. In many cases, speed comes at the expense of visibility and security. This is where external attack surface management becomes critical.

IONIX can identify and continuously monitor a wide range of AI-related and automation assets exposed to the internet, helping organizations understand what they are running, where it is exposed, and what risks it introduces.

A critical vulnerability tracked as CVE-2025-68613 affects n8n, an open-source workflow automation platform. Under certain conditions, authenticated users can supply workflow expressions that get evaluated in a context that is not sufficiently isolated, leading to remote code execution (RCE) with the privileges of the n8n process.

TL;DR

  • What: Expression injection leading to RCE in n8n’s workflow expression evaluation
  • Severity: Critical, CVSS v3.1 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
  • Who is at risk: Organizations running vulnerable n8n versions, especially where n8n is reachable from the internet and workflow creation or editing is not tightly restricted
  • Fix: Upgrade to a patched version: 1.120.4, 1.121.1, or 1.122.0 and newer
  • Extra urgency: Public reporting highlights widespread exposure, and public proof of concept code and scanning guidance have been published

What is n8n and why it matters

n8n is a workflow automation platform that often ends up with highly privileged connectivity: API keys, databases, SaaS integrations, internal webhook endpoints, and automation that bridges systems. That makes RCE particularly dangerous. It is not only a server compromise; it can become a pivot point into the rest of your environment.

Vulnerability overview

The core issue is in n8n’s workflow expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime, enabling code execution as the n8n process.

Affected versions

  • Affected: versions greater than or equal to 0.211.0 and lower than 1.120.4
  • Also affected: versions greater than or equal to 1.121.0 and lower than 1.121.1
  • Patched: 1.120.4, 1.121.1, 1.122.0 and later

Real-world exposure and why defenders should move fast

Public reporting in late December 2025 noted a large number of potentially vulnerable internet-facing n8n instances identified via internet scanning data. This highlights how quickly a vulnerability like this can shift from a theoretical risk to a broadly exploitable target.

In parallel, public GitHub repositories have published proof of concept material and scanning guidance. While we will not repeat exploitation steps here, the availability of this material generally increases the likelihood of opportunistic exploitation and mass scanning shortly after disclosure.

How to know if you are exposed

Start with these questions:

  1. Do we run n8n at all? Include official environments, temporary proofs of concept, and shadow IT deployments.
  2. Is it reachable from the internet? Many teams expose n8n to support inbound webhooks or remote administration. If it is internet-facing, treat patching as urgent.
  3. What version is it? If it falls into the affected ranges above, prioritize an immediate upgrade.
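As an added check for step 3, not code from the original post or from the n8n project: a small Python triage script that maps version strings from your own inventory onto the affected ranges listed above. The sample inventory at the bottom is constructed; in practice you would feed it the version strings reported by your own deployments.

```python
"""Added example: classify n8n version strings against the CVE-2025-68613 ranges."""
import re
from typing import Dict, Iterable, Tuple

Version = Tuple[int, int, int]

# Half-open intervals [lower, upper) taken from the "Affected versions" list.
AFFECTED_RANGES = [
    ((0, 211, 0), (1, 120, 4)),   # >= 0.211.0 and < 1.120.4
    ((1, 121, 0), (1, 121, 1)),   # >= 1.121.0 and < 1.121.1
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")


def parse_version(text: str) -> Version:
    """Extract MAJOR.MINOR.PATCH from strings such as '1.120.3', 'v1.121.0'
    or 'n8n/1.119.2'. Pre-release builds ('1.120.4-rc.1') are rejected so
    that they are routed to manual review rather than silently judged."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    if m.group(4):
        raise ValueError(f"pre-release build {text!r}, verify manually")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(version: str) -> bool:
    """True when the version lies inside one of the affected ranges.
    Tuple comparison orders 0.x and 1.x releases correctly."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Map each version string from an inventory export to a verdict."""
    verdicts: Dict[str, str] = {}
    for raw in versions:
        try:
            verdicts[raw] = "AFFECTED - upgrade now" if is_affected(raw) else "patched or out of range"
        except ValueError as exc:
            verdicts[raw] = f"unknown - {exc}"
    return verdicts


if __name__ == "__main__":
    # Constructed sample inventory, not real scan data.
    sample = ["1.120.3", "v1.120.4", "1.121.0", "1.121.1", "1.122.0",
              "0.210.9", "n8n/1.100.0", "1.120.4-rc.1", "latest"]
    for name, verdict in triage(sample).items():
        print(f"{name:>14}: {verdict}")
```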

Mitigation and remediation

Patch first

The recommended action is to upgrade n8n to a patched release: 1.120.4, 1.121.1, or 1.122.0 and newer.

Short-term containment if you cannot patch immediately

If immediate patching is not possible, temporary risk reduction steps include:

  • Restrict workflow creation and editing to fully trusted users only
  • Run n8n in a hardened environment with limited operating system privileges and restricted network access to reduce blast radius

These steps can reduce exposure, but they do not fully eliminate the underlying risk.

What to monitor

While patching is the priority, defenders should also increase visibility around:

  • New or unexpected n8n deployments becoming internet-facing
  • Permission changes that broaden who can create or edit workflows
  • Outbound connections from n8n hosts to unusual or unexpected destinations
  • Access to secrets and environment variables on the n8n host, where integration credentials are often stored

Where IONIX fits

From an external exposure perspective, the fastest path to reducing risk is knowing whether you have internet-facing n8n instances, where they are hosted, and how they are configured.

IONIX helps teams by:

  • Discovering internet-facing services and fingerprinting exposed technologies and versions using external signals, then correlating them with known vulnerabilities
  • Prioritizing remediation using a risk-based model that incorporates vulnerability severity and exploitability context

Conclusion

CVE-2025-68613 is a high-impact vulnerability that highlights the risks of exposing powerful automation and AI-adjacent platforms to the internet without strict controls. As organizations rush to deploy AI-driven workflows, agents, and integrations, security visibility often lags behind innovation.

In this environment, it is especially important to know which AI-related and automation assets are internet-facing, how they are configured, and whether they are affected by newly disclosed vulnerabilities. IONIX helps security teams regain control during the AI gold rush by identifying exposed AI and automation services across the external attack surface and prioritizing the risks that matter most.

By combining continuous asset discovery with vulnerability intelligence, organizations can move fast with AI while avoiding the hidden exposures that attackers are actively looking for.
