Arbitrary Command Execution in n8n by n8n-io
CVE-2025-71380
8.7HIGH
What is CVE-2025-71380?
The Execute Command node in n8n allows authenticated users to run arbitrary commands on the underlying host system. This vulnerability can be exploited by attackers with valid user credentials, granting them the ability to execute malicious commands. Such exploitation can lead to severe consequences, including unauthorized data access, service interruptions, and potential total compromise of the system. Mitigation strategies should focus on limiting access to the Execute Command node and implementing robust credential management practices.
Affected Version(s)
n8n 0 <= 1.114.4
