A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure. Cyera Research Labs' Vladimir
For both cybersecurity and manufacturing teams, this means an immediate need to review and potentially re-architect AI-driven automation workflows so that vulnerable automation tools do not expose access to manufacturing systems and data. In manufacturing, such exposure could mean unauthorized access to control systems, leading to production disruptions or even sabotage. Cybersecurity firms must now consider n8n vulnerabilities when assessing and protecting AI/ML infrastructure.
Organizations using n8n for AI/ML workflows must immediately patch the vulnerability and implement robust security measures, including least-privilege access, input validation, and regular security audits. Failure to do so could result in significant operational disruptions, data corruption, and compliance violations, necessitating costly incident response and remediation efforts.