Critical n8n Vulnerability (CVSS 9.9) Discovered: Authenticated Users Can Execute System Commands

A critical security vulnerability has been discovered in n8n, an open-source workflow automation platform, that allows authenticated users to execute arbitrary system commands on the host machine. The vulnerability, tracked as CVE-2025-68668, has a CVSS score of 9.9 and is classified as a protection mechanism failure.

The flaw affects n8n versions from 1.0.0 up to, but not including, 2.0.0. It lets any user with permission to create or modify workflows run arbitrary operating system commands on the server running n8n. An advisory released by the n8n team notes that the issue lies in the Python Code Node that uses Pyodide.

In response, n8n has released version 2.0.0, which fixes this critical issue. Separately, to improve security isolation, n8n introduced a task runner-based native Python implementation in version 1.111.0, which can be enabled through environment variables. In version 2.0.0, this implementation is the default.

For users still on earlier versions, n8n has provided several recommended workarounds:

  • Disable the Code Node by adjusting the environment variables.
  • Turn off Python support in the Code Node.
  • Set n8n to utilize the task runner-based Python sandbox.
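
A way to check a deployment against the affected range and the three workarounds above, as an added example that is not n8n's own code. The environment variable names (`NODES_EXCLUDE`, `N8N_PYTHON_ENABLED`, `N8N_RUNNERS_ENABLED`, `N8N_NATIVE_PYTHON_RUNNER`), the node type name and the 1.104.0 threshold are not given on this page; they are assumptions taken from n8n's public advisory and documentation and should be verified against your version.

```python
import json

AFFECTED_MIN, FIXED = (1, 0, 0), (2, 0, 0)  # affected range stated on this page
CODE_NODE = "n8n-nodes-base.code"           # assumed node type name (n8n docs)

def parse_version(text):
    """'1.111.0' or 'v1.111.0-beta' -> (1, 111, 0)."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple((parts + [0, 0])[:3])

def is_true(value):
    return str(value).strip().lower() == "true"

def assess(version, env):
    """Report which workaround, if any, covers this n8n deployment."""
    ver = parse_version(version)
    if not (AFFECTED_MIN <= ver < FIXED):
        return {"affected": False, "mitigations": [], "exposed": False}
    found = []
    # Workaround 1: Code Node excluded (NODES_EXCLUDE holds a JSON array).
    try:
        excluded = json.loads(env.get("NODES_EXCLUDE", "[]"))
    except ValueError:
        excluded = []  # malformed value: treat as not excluded
    if isinstance(excluded, list) and CODE_NODE in excluded:
        found.append("code-node-disabled")
    # Workaround 2: Python support off. Assumed to be honoured only from
    # 1.104.0; on older builds the variable gives no protection.
    python_off = str(env.get("N8N_PYTHON_ENABLED", "")).strip().lower() == "false"
    if ver >= (1, 104, 0) and python_off:
        found.append("python-disabled")
    # Workaround 3: task runner-based native Python, available from 1.111.0.
    runner = (is_true(env.get("N8N_RUNNERS_ENABLED"))
              and is_true(env.get("N8N_NATIVE_PYTHON_RUNNER")))
    if ver >= (1, 111, 0) and runner:
        found.append("native-python-runner")
    return {"affected": True, "mitigations": found, "exposed": not found}

if __name__ == "__main__":
    # Constructed sample deployments, not real hosts.
    samples = [("1.110.2", {}),
               ("1.100.0", {"N8N_PYTHON_ENABLED": "false"}),
               ("1.115.0", {"N8N_RUNNERS_ENABLED": "true",
                            "N8N_NATIVE_PYTHON_RUNNER": "true"})]
    for version, env in samples:
        print(version, assess(version, env))
```

In a live audit, pass the version the instance reports and the environment of the n8n process itself (for example from the container definition), not the environment of the shell running the check.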

This disclosure comes shortly after n8n addressed another serious vulnerability, CVE-2025-68613, with a similar CVSS score, which also posed risks for arbitrary code execution under certain circumstances.

As awareness of this vulnerability increases, users are urged to upgrade to the latest version to secure their installations against potential exploits.

