CVE-2025-68668: n8n Sandbox Escape: When Python Breaks the Wasm Wall

#security #cve #cybersecurity

n8n Sandbox Escape: When Python Breaks the Wasm Wall

Vulnerability ID: CVE-2025-68668
CVSS Score: 9.9
Published: 2025-12-26

A critical sandbox bypass in the n8n workflow automation platform allows authenticated users to escape the Pyodide environment and execute arbitrary code on the host server. Rated CVSS 9.9, this vulnerability turns a standard workflow tool into a remote command execution terminal.

TL;DR

n8n versions prior to 2.0.0 implemented a Python 'Code Node' using Pyodide (Python in WebAssembly). Due to improper isolation, the Python environment retained access to the host Node.js runtime. Attackers with workflow-editing permissions can bridge this gap to execute system commands, effectively compromising the entire host and any secrets stored within n8n.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-693 (Protection Mechanism Failure)
Attack Vector: Network (Authenticated)
CVSS: 9.9 (Critical)
Impact: Remote Command Execution (RCE)
Vulnerable Component: Python Code Node (Pyodide)
Exploit Status: Trivial for Authenticated Users

Affected Systems

n8n workflow automation platform (versions < 2.0.0)
n8n: < 2.0.0 (Fixed in: 2.0.0)

Exploit Details

Research Analysis: The vendor advisory confirms the sandbox bypass via Pyodide.

Mitigation Strategies

Upgrade to n8n v2.0.0+
Enable Native Task Runners
Disable Python Code Node support

Remediation Steps:

Pull the latest n8n docker image: docker pull n8nio/n8n:latest
If upgrading is not possible, set environment variable N8N_PYTHON_ENABLED=false to disable the vulnerable component.
Alternatively, enable the isolated runner: Set N8N_RUNNERS_ENABLED=true and N8N_NATIVE_PYTHON_RUNNER=true.