CVE-2025-71380
n8n · n8n
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system, potentially leading to full system compromise.
Executive summary
An arbitrary command execution vulnerability in n8n allows authenticated users to gain unauthorized control over the underlying host system.
Vulnerability
This vulnerability exists within the "Execute Command" node of the n8n automation platform. It allows an authenticated user to craft malicious inputs that trigger arbitrary command execution on the host operating system, effectively bypassing application-level restrictions.
Business impact
A CVSS score of 8.8 indicates a critical threat where an attacker can achieve remote code execution (RCE) on the server hosting the automation platform. This could lead to complete system compromise, lateral movement within the network, and the theft of sensitive credentials or data processed by n8n workflows.
Remediation
Immediate Action: Update the n8n platform to the latest version provided by the vendor which addresses command injection risks.
Proactive Monitoring: Monitor host system logs for unusual process execution, such as unexpected shell commands or connections originating from the n8n service account.
Compensating Controls: Run the n8n instance within a containerized environment with restricted privileges and minimal system access to limit the impact of potential RCE.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS severity and the potential for full host compromise, immediate patching is required. Security teams should prioritize restricting the permissions of the user account running the n8n service to follow the principle of least privilege while awaiting the update.