CVE-2025-68668 exploitation of n8n Python Code Node Flaw
BLUF
A newly disclosed critical vulnerability in the n8n automation platform's Python Code Node allows an authenticated user to bypass the sandbox and execute arbitrary system commands, potentially leading to a full system compromise. Active exploitation is anticipated or possibly starting.
Executive Cost Summary
This cost analysis was developed by the CyberDax team using expert judgment and assisted analytical tools to support clarity and consistency.
For organizations affected by exploitation of CVE-2025-68668 in the n8n Python Code Node sandbox bypass:
Low-end total cost: $900,000 – $1.3M
(Rapid detection, limited workflow exposure, no data access confirmed)
Typical expected range: $1.6M – $2.8M
Upper-bound realistic scenarios: $3.5M – $5.5M
(Production automation impact, extended investigation, compliance escalation)
Key cost driver:
Costs are driven less by immediate system outage and more by loss of confidence in automation trust boundaries. Authenticated sandbox escape forces organizations to re-validate workflow integrity, privilege models, and host-level assumptions, extending recovery timelines and increasing assurance, governance, and compliance expenses well beyond initial containment.
Potential Affected Sectors
· Organizations using the n8n workflow automation platform in production environments
Potential Affected Countries
· Global
Date of First Reported Activity
· January 6, 2026
Date of Last Reported Activity Update
· January 6, 2026
CVE-2025-68668
CVSS 3.1 Vector
· (9.9) AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Nessus ID
· There is currently no Tenable plugin for CVE-2025-68668.
Is this on the KEV list
· Not at this time
What is the CISA patch by date?
· This is not currently on the KEV list
Patching/Mitigation Data:
URL to patch information for CVE-2025-68668
· hxxps://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v
APT Names
· There have been no APT groups associated with CVE-2025-68668 at this time.
Associated Criminal Organization Names
· There have been no criminal organizations associated with CVE-2025-68668 at this time.
IOCs
Potential Host-Based Indicators
· Unauthorized Command Execution
o Monitor system logs for unexpected shell commands (e.g., sh, bash, powershell) or process spawning originating from the n8n process or its service user.
· Privileged Process Spawning
o Detection of n8n spawning child processes that access sensitive system files (e.g., /etc/shadow, credentials) or perform system-level operations.
· Abnormal User Activity
o Log entries showing a low-privileged authenticated user creating or modifying workflows that utilize the Python Code Node with Pyodide.
Tools Used in Campaign
· None specified yet
TTPs
Tactic: Execution
· T1059.006 Command and Scripting Interpreter: Python
o The vulnerability is specifically triggered within the Python Code Node using Pyodide, where an attacker can craft malicious Python code to achieve execution.
· T1203 Exploitation for Client Execution
o The flaw stems from a sandbox bypass (Protection Mechanism Failure, CWE-693) that allows escaping the intended isolation to run system-level commands.
Tactic: Persistence / Privilege Escalation
· T1068 Exploitation for Privilege Escalation
o Successful exploitation allows a lower-privileged authenticated user to execute commands with the same system privileges as the n8n process itself, effectively escalating privileges on the host.
Tactic: Defense Evasion
· T1211 Exploitation for Defense Evasion
o The attacker bypasses the internal sandbox environment (Pyodide) designed to restrict unauthorized system access.
Malware Names
· There has been no malware associated with CVE-2025-68668 at this time.
Malware sample
· There has been no malware associated with CVE-2025-68668 at this time.
Suggested rules /potential hunts
As a reminder, these are indicator rules. They are likely to be noisy.
For best results consider creating a data model and reviewing the traffic as a report.
Suricata
Monitor for unexpected shell invocations or common post-exploitation payloads (e.g., /bin/bash, powershell.exe) in traffic from the n8n server.
Suggested Rule Fragment:
alert tcp $N8N_SERVER any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Possible n8n Sandbox Bypass (CVE-2025-68668) Reverse Shell"; flow:established,to_server; content:"/bin/bash -i"; fast_pattern; classtype:attempted-admin; sid:2026001; rev:1;)
SentinelOne
Hunt for n8n process spawning shell or system utilities
ProcessParentNameDescription CONTAINS "n8n"
AND (
ProcessName IN ("bash", "sh", "cmd.exe", "powershell.exe", "nc", "curl", "wget")
OR ProcessCommandLine CONTAINS ANY ("/etc/passwd", "/etc/shadow", "whoami", "hostname", "id")
)
Alternative: Leverage existing "Potential Reverse Shell" platform detection rules for Python and Node processes.
Splunk
Hunt for Anomalous Process Execution (EDR Data)
index=endpoint sourcetype=sysmon parent_process_name IN ("node.exe", "n8n")
| stats count by process_name, process, host
| where NOT match(process, "known_good_workflow_scripts")
Search n8n application logs for frequent modifications to the "Python Code Node" by non-admin users
index=n8n_logs "codeNode" "python" "modified"
| stats count by user, workflow_id, _time
| sort - count
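As an added example (not CyberDax tooling and not part of the n8n project), the SentinelOne and Splunk hunts above expressed as a small Python classifier run over constructed Sysmon-style process-creation records; the field names follow Sysmon Event ID 1, and the allow-listed workflow script path is an assumption to tune per deployment.

```python
import json
from fnmatch import fnmatch
from typing import List, Optional, Tuple

# Parent images that carry the n8n service (node hosts n8n on most installs)
N8N_PARENTS = {"n8n", "node", "node.exe"}
# Interpreters / utilities an escaped workflow would typically spawn
SHELL_CHILDREN = {"bash", "sh", "cmd.exe", "powershell.exe", "nc", "curl", "wget"}
# Recon commands and credential files from the IOC list above
RECON_CMDS = {"whoami", "hostname", "id"}
SENSITIVE_PATHS = ("/etc/passwd", "/etc/shadow")
# Command lines known to be legitimate workflow scripts (assumed path)
ALLOWLIST = ("*/opt/n8n/scripts/*",)


def basename(path: str) -> str:
    """Normalise a Windows or POSIX image path to its lower-case file name."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_n8n_parent(parent_image: str, parent_cmdline: str) -> bool:
    return basename(parent_image) in N8N_PARENTS or "n8n" in parent_cmdline.lower()


def classify(ev: dict) -> Optional[str]:
    """Label one process-creation record, or return None when it looks benign."""
    if not is_n8n_parent(ev.get("ParentImage", ""), ev.get("ParentCommandLine", "")):
        return None
    cmdline = ev.get("CommandLine", "")
    if any(fnmatch(cmdline, pat) for pat in ALLOWLIST):
        return None
    if any(p in cmdline for p in SENSITIVE_PATHS) or RECON_CMDS & set(cmdline.split()):
        return "n8n child performing host recon or credential-file access"
    if basename(ev.get("Image", "")) in SHELL_CHILDREN:
        return "n8n spawning shell or network utility"
    return None


def hunt(lines: List[str]) -> List[Tuple[str, str]]:
    """Run classify() over newline-delimited JSON events; return (image, label) hits."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        label = classify(ev)
        if label:
            hits.append((ev["Image"], label))
    return hits


# Constructed sample telemetry (not real logs): two hits, one allow-listed, one non-n8n
SAMPLE_EVENTS = [
    '{"ParentImage":"/usr/bin/node","ParentCommandLine":"node /usr/local/bin/n8n start","Image":"/bin/bash","CommandLine":"bash -i"}',
    '{"ParentImage":"/usr/bin/node","ParentCommandLine":"node /usr/local/bin/n8n start","Image":"/usr/bin/cat","CommandLine":"cat /etc/shadow"}',
    '{"ParentImage":"/usr/bin/node","ParentCommandLine":"node /usr/local/bin/n8n start","Image":"/usr/bin/python3","CommandLine":"python3 /opt/n8n/scripts/report.py"}',
    '{"ParentImage":"/usr/sbin/sshd","ParentCommandLine":"sshd: admin","Image":"/bin/bash","CommandLine":"bash -i"}',
]
```

Running hunt(SAMPLE_EVENTS) flags only the two n8n-parented events; the allow-listed script and the sshd-spawned shell are ignored, which is the noise reduction the data-model note above is asking for.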
Delivery Method
· Exploitation of the Python Code Node flaw by an authenticated (but potentially low-privilege) user.
Email Samples
· Not applicable
References
NVD
· hxxps://nvd.nist.gov/vuln/detail/CVE-2025-68668
SmartKeys
· hxxps://www.smartkeyss.com/post/cve-2025-68668-breaking-out-of-the-python-sandbox-in-n8n
GitHub
· hxxps://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v