Platform: nodejs
Component: n8n
Fixed versions: 2.0.1, 2.0.0
CVE-2025-68697 describes an Arbitrary File Access vulnerability in n8n, a workflow automation platform. This vulnerability allows authenticated users with workflow editing access to read and write files on the n8n host system, potentially leading to data breaches or system compromise. The vulnerability affects self-hosted n8n instances running in legacy JavaScript execution mode and is fixed in version 2.0.0.
An attacker exploiting this vulnerability could gain unauthorized access to sensitive files stored on the n8n host. This includes configuration files, database backups, and potentially other application data. The ability to write files allows for further malicious actions, such as overwriting critical system files or injecting malicious code. The scope of the attack is limited by file-access restrictions configured within the n8n instance and the underlying operating system/container permissions. Successful exploitation requires an authenticated user with workflow editing privileges, making it a privilege escalation concern within the n8n environment.
This vulnerability was publicly disclosed on December 26, 2025. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept exploits are not currently available, but the vulnerability's nature suggests a moderate likelihood of exploitation if a PoC is released. The vulnerability's reliance on authenticated access limits its immediate widespread impact.
Organizations utilizing self-hosted n8n instances, particularly those relying on legacy JavaScript execution mode within the Code node, are at risk. Environments with relaxed file-access restrictions or shared hosting configurations are especially vulnerable, as they may provide broader access to the underlying file system.
• nodejs / server: Monitor n8n logs for unusual file access patterns or attempts to invoke internal helper functions from within the Code node. Use lsof or fuser to identify processes accessing sensitive files:
    lsof /path/to/sensitive/file
• nodejs / server: Review n8n workflow configurations (for example, exported workflow JSON) for suspicious Code node scripts that might attempt to access or modify files outside of the intended scope:
    grep -rE "require\(['\"]fs['\"]\)" /path/to/n8n/workflows
• generic web: Examine n8n server access logs for requests originating from authenticated users with workflow editing privileges that exhibit unusual file access patterns.
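The workflow review above can be automated over exported workflow JSON. The scanner below is an added example written for this page, not n8n's own code; it assumes the export shape shown in the comments (a `nodes` array, Code nodes of type `n8n-nodes-base.code` with a `jsCode` parameter, legacy Function nodes with `functionCode`), and the sample workflow it scans is constructed here.

```javascript
// Added example, not n8n's own code: audit exported n8n workflow JSON for Code
// nodes whose script reaches for host file or process access, the capability
// CVE-2025-68697 exposes in legacy JavaScript execution mode.
// Assumed export shape (verify against your own exports):
// { "name": "...", "nodes": [ { "name", "type", "parameters": { "jsCode": "..." } } ] }
const CODE_NODE_TYPES = new Set(['n8n-nodes-base.code', 'n8n-nodes-base.function']);
const SCRIPT_PARAMS = ['jsCode', 'functionCode']; // assumed parameter names

// Each pattern is something a workflow editor rarely needs; a match is a
// finding to triage, not proof of malice.
const RISKY_PATTERNS = [
  { label: 'fs module', re: /require\(\s*['"`](?:node:)?fs(?:\/promises)?['"`]\s*\)/ },
  { label: 'child_process module', re: /require\(\s*['"`](?:node:)?child_process['"`]\s*\)/ },
  { label: 'dynamic import()', re: /\bimport\s*\(/ },
  { label: 'process.binding()', re: /\bprocess\.binding\s*\(/ },
  { label: 'internal helper access', re: /\bthis\.helpers\b/ },
];

// Returns [{ workflow, node, label }] for every risky pattern found in every
// Code/Function node of one parsed workflow export. Non-code nodes are skipped.
function scanWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    if (!CODE_NODE_TYPES.has(node.type)) continue;
    const script = SCRIPT_PARAMS.map((p) => (node.parameters || {})[p] || '').join('\n');
    for (const { label, re } of RISKY_PATTERNS) {
      if (re.test(script)) findings.push({ workflow: workflow.name, node: node.name, label });
    }
  }
  return findings;
}

// Constructed sample export: a benign Code node, a Code node that loads fs to
// read a host file, and a non-code node that must be ignored.
const SAMPLE_WORKFLOW = {
  name: 'nightly-report',
  nodes: [
    { name: 'Format', type: 'n8n-nodes-base.code',
      parameters: { jsCode: 'return $input.all().map(i => ({ json: { total: i.json.a + i.json.b } }));' } },
    { name: 'Suspicious', type: 'n8n-nodes-base.code',
      parameters: { jsCode: "const fs = require('fs');\nreturn [{ json: { d: fs.readFileSync('/path/on/host', 'utf8') } }];" } },
    { name: 'Webhook', type: 'n8n-nodes-base.webhook', parameters: {} },
  ],
};

for (const f of scanWorkflow(SAMPLE_WORKFLOW)) {
  console.log(`[${f.workflow}] node "${f.node}": ${f.label}`); // one line per finding
}
```

In practice, JSON.parse each file produced by an n8n workflow export and pass it to scanWorkflow; a clean instance yields no findings, and each finding names the workflow and node to inspect.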
Disclosure
Exploitation status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68697 is to upgrade to n8n version 2.0.0 or later, which addresses the vulnerable code execution path. If upgrading is not immediately feasible, consider disabling the legacy JavaScript execution mode within the Code node configuration. Additionally, ensure that file-access restrictions are properly configured within the n8n instance to limit the potential impact of a successful exploit. Review and tighten OS-level permissions on the n8n host to further restrict file access. There are no specific WAF rules or detection signatures readily available for this vulnerability, making proactive monitoring and timely patching crucial.
Update n8n to version 2.0.0 or later. As an alternative, set N8N_RESTRICT_FILE_ACCESS_TO to a dedicated directory and confirm that it contains no sensitive data. Set N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true to block access to sensitive .n8n files and user-defined configuration files. If workflow editors cannot be fully trusted, use NODES_EXCLUDE to disable high-risk nodes (including the Code node).
CVE-2025-68697 is a HIGH severity vulnerability in n8n allowing authenticated workflow editors to read/write files on the host system if using legacy JavaScript execution mode. It impacts versions prior to 2.0.0.
You are affected if you are running a self-hosted n8n instance with a version prior to 2.0.0 and are using the legacy JavaScript execution mode in the Code node.
Upgrade to n8n version 2.0.0 or later. As a temporary workaround, disable the legacy JavaScript execution mode in the Code node configuration.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests a potential risk if a public proof-of-concept is released.
Refer to the official n8n security advisories on their website or GitHub repository for the latest information and updates regarding CVE-2025-68697.