
The vulnerability exposes automation workflows to full command‑execution attacks, jeopardizing sensitive data and potentially enabling lateral movement within compromised environments. Prompt remediation is essential for any organization relying on n8n for integration and orchestration.
The open‑source workflow automation platform n8n has become a backbone for integrating SaaS applications, APIs, and custom scripts in enterprises of all sizes. A newly disclosed flaw, CVE‑2025‑68668, exploits a sandbox bypass in the Python Code Node that relies on Pyodide, allowing an authenticated user with workflow‑edit rights to invoke arbitrary operating‑system commands on the host. With a CVSS base score of 9.9, the vulnerability sits at the top of the critical severity tier, raising immediate concerns for any deployment that processes sensitive credentials or data.
The exploit works because the Python Code Node executes user‑supplied code inside a Pyodide‑based container that was assumed to be isolated. In practice, the container shares the same process privileges as the n8n service, so a crafted script can escape the sandbox and run shell commands such as ‘curl’, ‘wget’, or privilege‑escalation tools. Although the attacker does not gain higher system rights than the n8n process, the ability to read environment variables, access stored API keys, and pivot laterally makes the flaw a potent entry point for broader compromise.
n8n addressed the issue in version 2.0.0 by replacing the Pyodide sandbox with a task‑runner‑based native Python executor, which runs in a separate process and can be locked down with standard Linux isolation mechanisms. Administrators of legacy installations can mitigate risk by disabling the Code Node (NODES_EXCLUDE) or turning off Python support (N8N_PYTHON_ENABLED=false) while they plan an upgrade. The rapid disclosure and high severity underscore the need for continuous dependency monitoring and strict role‑based access controls in automation platforms, as similar flaws are emerging across the low‑code ecosystem.
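The mitigation decision above (upgrade to 2.0.0, or on a legacy install set N8N_PYTHON_ENABLED=false or exclude the Code Node via NODES_EXCLUDE) is easy to get wrong across a fleet of hosts, so here is an added POSIX shell check, written for this page rather than taken from the article or from the n8n project. It assumes the Code Node's type identifier is `n8n-nodes-base.code` and that NODES_EXCLUDE holds a JSON array of such identifiers, and it treats any 2.x-or-later version as patched; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the article or the n8n project): classify an n8n
# deployment's exposure to CVE-2025-68668 from its version string and the two
# mitigation environment variables named in the article.
#
# Assumptions: the Code Node's type identifier is "n8n-nodes-base.code" and
# NODES_EXCLUDE is a JSON array of such identifiers; the fix ships in n8n
# 2.0.0, so any version with major >= 2 is treated as patched.
#
# Example mitigated settings for a legacy 1.x install (constructed):
#   N8N_PYTHON_ENABLED=false
#   NODES_EXCLUDE='["n8n-nodes-base.code"]'

# Usage: n8n_cve_2025_68668_status VERSION PYTHON_ENABLED NODES_EXCLUDE
# Prints one of: patched, mitigated-python-disabled,
#                mitigated-code-node-excluded, VULNERABLE
# Exit status 0 when patched or mitigated, 1 when vulnerable.
n8n_cve_2025_68668_status() {
    version=$1
    python_enabled=$2
    nodes_exclude=$3

    # Major version is everything before the first dot; anything that is not
    # a plain integer (empty, "unknown", garbage) is treated as an old build.
    major=${version%%.*}
    case "$major" in
        ''|*[!0-9]*) major=0 ;;
    esac

    if [ "$major" -ge 2 ]; then
        echo patched
        return 0
    fi

    # Legacy install: Python support switched off removes the Pyodide path.
    if [ "$python_enabled" = "false" ]; then
        echo mitigated-python-disabled
        return 0
    fi

    # Legacy install: Code Node removed entirely via NODES_EXCLUDE.
    case "$nodes_exclude" in
        *'"n8n-nodes-base.code"'*)
            echo mitigated-code-node-excluded
            return 0 ;;
    esac

    echo VULNERABLE
    return 1
}

# Convenience wrapper for the current host: pass the version reported by the
# n8n CLI and read the two mitigation variables from the environment
# (an unset variable counts as "not mitigated").
check_current_host() {
    n8n_cve_2025_68668_status "$1" "${N8N_PYTHON_ENABLED:-}" "${NODES_EXCLUDE:-}"
}
```

Run it as `check_current_host "$(n8n --version)"` on each host, or feed the function inventory data from a configuration management export; a non-zero exit status flags a deployment that still needs either the 2.0.0 upgrade or one of the two interim settings.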