CVE-2025-68668
Sandbox Bypass vulnerability in n8n (npm)

Sandbox Bypass No known exploit

What is CVE-2025-68668 About?

This sandbox bypass vulnerability exists in the Python Code Node of n8n when using Pyodide. Authenticated users with workflow creation/modification permissions can execute arbitrary commands on the host system, granting them the same privileges as the n8n process. Its exploitation requires specific user privileges and configuration, making it moderately easy to exploit.

Affected Software

n8n >=1.0.0, <2.0.0

Technical Details

The vulnerability stems from an insecure sandbox implementation within the Python Code Node of n8n, specifically when it utilizes Pyodide. An authenticated user who possesses the permissions to create or modify workflows can exploit this flaw. By crafting malicious Python code within the Code Node, the user can achieve a sandbox bypass. This bypass allows them to execute arbitrary commands directly on the underlying host system, operating with the same privileges as the n8n process itself. This mechanism essentially breaks the intended isolation, turning an application-level threat into a system-level compromise.

What is the Impact of CVE-2025-68668?

Successful exploitation may allow attackers to execute arbitrary system commands, leading to full system compromise, data exfiltration, or denial-of-service.

What is the Exploitability of CVE-2025-68668?

Exploitation of this vulnerability requires an authenticated user with permissions to create or modify workflows. The complexity is moderate, as it relies on the Python Code Node using Pyodide and the absence of a task-runner-based native Python implementation or of the specific environment variables that disable it. This is a remote vulnerability but requires specific user privileges. There are no special hardware or software prerequisites beyond the vulnerable n8n setup. The likelihood of exploitation increases if N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER are not configured to enable the more secure native Python runner, or if Python support is not disabled via N8N_PYTHON_ENABLED=false, particularly in self-hosted environments where workflow editors are not fully trusted.
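A small triage helper for a self-hosted deployment, added here as an example and not taken from the advisory or from the n8n project: it checks whether the running version falls in the affected range and whether either of the mitigations named above is in effect. It assumes the mitigating settings take the string values "true" (N8N_RUNNERS_ENABLED, N8N_NATIVE_PYTHON_RUNNER) and "false" (N8N_PYTHON_ENABLED); verify those values against your n8n release notes.

```python
"""Triage helper for CVE-2025-68668 on a self-hosted n8n instance (added example)."""
import os
import re
import sys

AFFECTED_MIN = (1, 0, 0)   # advisory: >=1.0.0 affected
FIXED = (2, 0, 0)          # advisory: <2.0.0 affected, 2.0.0 carries the fix


def parse_version(text: str) -> tuple:
    """Return (major, minor, patch) from a version string such as "1.88.0"."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(version: str) -> bool:
    """True when the version lies in the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def _flag(env: dict, name: str) -> str:
    return env.get(name, "").strip().lower()


def assess(version: str, env: dict) -> dict:
    """Classify one deployment: fixed, mitigated, or vulnerable (default Pyodide path)."""
    if not is_affected_version(version):
        return {"status": "fixed", "mitigations": []}
    mitigations = []
    # Assumed values: "false" disables the Python node entirely.
    if _flag(env, "N8N_PYTHON_ENABLED") == "false":
        mitigations.append("python_disabled")
    # Assumed values: both flags "true" select the native Python task runner.
    if (_flag(env, "N8N_RUNNERS_ENABLED") == "true"
            and _flag(env, "N8N_NATIVE_PYTHON_RUNNER") == "true"):
        mitigations.append("native_python_runner")
    # Upgrading to 2.0.0 remains the fix; mitigations only reduce exposure.
    status = "mitigated" if mitigations else "vulnerable"
    return {"status": status, "mitigations": mitigations}


if __name__ == "__main__":
    # Constructed sample: an affected version with default settings.
    print(assess("1.90.1", {}))
    # Real check: pass the running version as argv[1], read flags from the environment.
    if len(sys.argv) > 1:
        print(assess(sys.argv[1], dict(os.environ)))
```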

What are the Known Public Exploits?

PoC    Author    Link    Commentary
No known exploits

What are the Available Fixes for CVE-2025-68668?

Available Upgrade Options

  • n8n
    • >=1.0.0, <2.0.0 → Upgrade to 2.0.0


Additional Resources

What are Similar Vulnerabilities to CVE-2025-68668?

Similar Vulnerabilities: CVE-2023-38600, CVE-2022-23529, CVE-2021-39181, CVE-2020-1748, CVE-2020-0796