Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Security Reporter

A critical security vulnerability in the n8n workflow automation platform allows authenticated users to execute arbitrary system commands through crafted expressions, bypassing previous security fixes and potentially compromising servers.

A critical security vulnerability has been discovered in the popular n8n workflow automation platform that could allow attackers to execute arbitrary system commands on servers running the software. The flaw, tracked as CVE-2026-25049 with a CVSS score of 9.4, stems from inadequate sanitization and bypasses the safeguards that were implemented to address a previous critical defect.

The Vulnerability Chain

The newly disclosed vulnerability is actually a bypass for CVE-2025-68613, another critical flaw patched by n8n in December 2025 with a CVSS score of 9.9. According to n8n's maintainers, "Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613."

Security researchers have noted that these two vulnerabilities are closely related. "They could be considered the same vulnerability, as the second one is just a bypass for the initial fix," explained Fatih Çelik, who reported the original bug. This highlights a common challenge in security patching where fixes for complex vulnerabilities can be circumvented through creative exploitation techniques.

Technical Details of the Attack

The vulnerability arises from a fundamental mismatch between TypeScript's compile-time type system and JavaScript's runtime behavior. As Endor Labs' Cris Staicu explained, "While TypeScript enforces that a property should be a string at compile time, this enforcement is limited to values that are present in the code during compilation. TypeScript cannot enforce these type checks on runtime attacker-produced values."

This means that when attackers craft malicious expressions at runtime, they can pass non-string values such as objects, arrays, or symbols that bypass the sanitization check entirely. The attack vector is particularly concerning because it requires only basic workflow creation permissions.
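The type mismatch described above, as an added illustration (not n8n's code and not its actual sanitizer): a hypothetical denylist check whose only guarantee that `name` is a string is the compile-time annotation, beside a version that verifies the runtime type before comparing, with a constructed JSON body standing in for attacker-controlled input.

```typescript
// Added illustrative example; not n8n's code and not its actual sanitizer.
// It shows why a compile-time `string` type is no substitute for a runtime
// check when the value originates from untrusted input.

// Hypothetical denylist of property names an expression must not reference.
const BLOCKED_NAMES = ["constructor", "__proto__", "prototype"];

// Weak check: `name: string` is enforced only at compile time. `includes`
// compares by identity, so an array or object that merely *coerces* to a
// blocked name is not matched, even though a later `obj[name]` access
// would coerce it to exactly that name.
export function isAllowedWeak(name: string): boolean {
  return !BLOCKED_NAMES.includes(name);
}

// Hardened check: validate the runtime type first, then the value. Anything
// that is not a primitive string is rejected instead of being coerced later.
export function isAllowedHardened(name: unknown): name is string {
  if (typeof name !== "string") return false;
  return !BLOCKED_NAMES.includes(name);
}

// The key a property access would really use: the value coerced to a string.
export function coercedKey(value: unknown): string {
  return String(value);
}

// Constructed input: a JSON body whose field is an array rather than a
// string. JSON.parse returns `any`, so passing the result where a `string`
// is expected compiles without complaint.
const constructedBody = '{"property": ["constructor"]}';
export const untrustedName = JSON.parse(constructedBody).property;

export function demo(): { weak: boolean; hardened: boolean; key: string } {
  return {
    weak: isAllowedWeak(untrustedName),         // true: the check is bypassed
    hardened: isAllowedHardened(untrustedName), // false: rejected at runtime
    key: coercedKey(untrustedName),             // "constructor": what obj[name] would see
  };
}

console.log(demo());
```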

Attack Scenario

According to SecureLayer7's analysis, the attack follows a straightforward pattern:

  1. An attacker creates a workflow with a publicly accessible webhook that has no authentication enabled
  2. By adding a single line of JavaScript using destructuring syntax, the workflow can be abused to execute system-level commands
  3. Once exposed, anyone on the internet can trigger the webhook and run commands remotely

Pillar Security's Eilon Cohen emphasized the simplicity of the attack: "The attack requires nothing special. If you can create a workflow, you can own the server."

Potential Impact

Successful exploitation of this vulnerability could lead to severe consequences:

  • Complete server compromise
  • Credential theft and sensitive data exfiltration
  • Installation of persistent backdoors for long-term access
  • Ability to steal API keys, cloud provider keys, database passwords, and OAuth tokens
  • Filesystem and internal system access
  • Pivoting to connected cloud accounts
  • Hijacking of artificial intelligence workflows

Affected Versions and Patches

The vulnerability affects the following versions:

  • All versions below 1.123.17 (fixed in 1.123.17)
  • All versions below 2.5.2 (fixed in 2.5.2)

Mitigation Strategies

For organizations unable to immediately patch their n8n installations, several mitigation strategies are recommended:

  1. Restrict workflow creation and editing permissions to fully trusted users only
  2. Deploy n8n in a hardened environment with restricted operating system privileges and network access
  3. Monitor workflow creation activities for suspicious patterns
  4. Implement network segmentation to limit potential damage if compromise occurs

Endor Labs emphasized the broader lesson from this vulnerability: "This demonstrates why multiple layers of validation are crucial. Even if one layer (TypeScript types) appears strong, additional runtime checks are necessary when processing untrusted input."

Industry Response

The vulnerability was discovered through collaborative efforts by multiple security researchers, including:

  • Fatih Çelik (original reporter of CVE-2025-68613)
  • Cris Staicu from Endor Labs
  • Eilon Cohen from Pillar Security
  • Sandeep Kamble from SecureLayer7

Their coordinated disclosure approach allowed n8n's maintainers to develop comprehensive fixes addressing both the initial vulnerability and its subsequent bypass.

Lessons for Developers

This incident serves as a reminder for developers working with workflow automation platforms and similar systems:

  • Never rely solely on compile-time type checking for security
  • Implement robust runtime validation for all user-supplied data
  • Consider the security implications of expression evaluation features
  • Regularly audit and test security controls, especially after patching known vulnerabilities
  • Assume that determined attackers will find ways to bypass single-layer protections

As workflow automation becomes increasingly prevalent in modern software development and operations, ensuring the security of these platforms is critical. This vulnerability demonstrates how even well-intentioned security measures can be circumvented when fundamental assumptions about type safety are violated at runtime.

Organizations using n8n should prioritize applying the available patches immediately and review their workflow permissions and configurations to minimize exposure to potential exploitation attempts.
