2.0.1
2.0.0
CVE-2025-68697 describes an Arbitrary File Access vulnerability in n8n, a workflow automation platform. This vulnerability allows authenticated users with workflow editing access to read and write files on the n8n host system, potentially leading to data breaches or system compromise. The vulnerability affects self-hosted n8n instances running in legacy JavaScript execution mode and is fixed in version 2.0.0.
An attacker exploiting this vulnerability could gain unauthorized access to sensitive files stored on the n8n host. This includes configuration files, database backups, and potentially other application data. The ability to write files allows for further malicious actions, such as overwriting critical system files or injecting malicious code. The scope of the attack is limited by file-access restrictions configured within the n8n instance and the underlying operating system/container permissions. Successful exploitation requires an authenticated user with workflow editing privileges, making it a privilege escalation concern within the n8n environment.
This vulnerability was publicly disclosed on December 26, 2025. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept exploits are not currently available, but the vulnerability's nature suggests a moderate likelihood of exploitation if a PoC is released. The vulnerability's reliance on authenticated access limits its immediate widespread impact.
Organizations utilizing self-hosted n8n instances, particularly those relying on legacy JavaScript execution mode within the Code node, are at risk. Environments with relaxed file-access restrictions or shared hosting configurations are especially vulnerable, as they may provide broader access to the underlying file system.
• nodejs / server: Monitor n8n logs for unusual file access patterns or attempts to invoke internal helper functions from within the Code node. Use lsof or fuser to identify processes accessing sensitive files.
lsof /path/to/sensitive/file• nodejs / server: Review n8n workflow configurations for suspicious Code node scripts that might attempt to access or modify files outside of the intended scope.
grep -r 'require('fs')' /path/to/n8n/workflows• generic web: Examine n8n server access logs for requests originating from authenticated users with workflow editing privileges that exhibit unusual file access patterns.
disclosure
漏洞利用状态
EPSS
0.02% (5% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2025-68697 is to upgrade to n8n version 2.0.0 or later, which addresses the vulnerable code execution path. If upgrading is not immediately feasible, consider disabling the legacy JavaScript execution mode within the Code node configuration. Additionally, ensure that file-access restrictions are properly configured within the n8n instance to limit the potential impact of a successful exploit. Review and tighten OS-level permissions on the n8n host to further restrict file access. There are no specific WAF rules or detection signatures readily available for this vulnerability, making proactive monitoring and timely patching crucial.
升级 n8n 到 2.0.0 或更高版本。 另外,通过将 N8N_RESTRICT_FILE_ACCESS_TO 配置为专用目录来限制文件操作,并确保该目录不包含敏感数据。 保持 N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES=true 以阻止对 .n8n 和用户定义的配置文件访问。 如果您不完全信任工作流编辑器,请使用 NODES_EXCLUDE 禁用高风险节点(包括 Code 节点)。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2025-68697 is a HIGH severity vulnerability in n8n allowing authenticated workflow editors to read/write files on the host system if using legacy JavaScript execution mode. It impacts versions prior to 2.0.0.
You are affected if you are running a self-hosted n8n instance with a version prior to 2.0.0 and are using the legacy JavaScript execution mode in the Code node.
Upgrade to n8n version 2.0.0 or later. As a temporary workaround, disable the legacy JavaScript execution mode in the Code node configuration.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests a potential risk if a public proof-of-concept is released.
Refer to the official n8n security advisories on their website or GitHub repository for the latest information and updates regarding CVE-2025-68697.