Code Execution Vulnerability in n8n Workflow Automation Platform by n8n
CVE-2025-68697

7.1HIGH

Key Information:

Vendor: N8n-io
Status: N8n
Vendor: CVE Published:; 26 December 2025

What is CVE-2025-68697?

The n8n workflow automation platform, before version 2.0.0, is vulnerable due to the Code node operating in a legacy execution mode. Authenticated users with access to edit workflows can utilize internal functions, allowing them to interact with the host system and execute unauthorized actions that may compromise file integrity. This issue poses significant security risks, including unauthorized file reading and writing, contingent upon the user permissions set within the operating system or container environment. To mitigate these risks, users are advised to upgrade to version 2.0.0, implement file access restrictions, and carefully manage the permissions granted to workflow editors.

Affected Version(s)

n8n < 2.0.0

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-j4...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2025
Vulnerability Reserved
Dec 23, 2025

JSON

N8n-io

What is CVE-2025-68697?

Affected Version(s)

References

CVSS V3.1

Timeline