Nearly 8,000 n8n systems currently operating in Vietnam are exposed to a critical security vulnerability, placing Vietnam among the top 10 countries with the highest risk level. Globally, more than 200,000 n8n systems face a similar threat.

n8n is a workflow automation solution that enables connections between platforms such as Gmail, Zalo, Excel, databases, and more, and is widely used by enterprises. n8n is often deployed at the core of IT infrastructure, playing a critical role in system operations as well as the processing and movement of an organization’s sensitive data. On average, n8n records approximately 57,000 new downloads per week.

The vulnerability affecting n8n has been assigned CVE-2025-68613, with a CVSS score of 9.9/10—classified as critical. It impacts n8n versions from 0.211.0 up to, but not including, version 1.120.4.

According to Bkav cybersecurity experts, with only a standard n8n account, attackers can exploit this flaw to interfere with the system’s processing mechanisms and execute arbitrary code on the server. As a result, attackers may take full control of the n8n system and the resources it is authorized to access, including email, customer data, order information, and financial data, as well as modify or sabotage automated workflows. Under certain conditions, the vulnerability can also serve as a stepping stone for deeper intrusion into an enterprise’s internal infrastructure, directly affecting business operations, causing service disruption, data loss, or leakage of critical information.

Le Tien Thinh, a cybersecurity expert at Bkav, stated: “Within enterprise infrastructure, n8n plays a central role. A compromise of n8n means that the entire related system is placed in a state of serious risk. We have observed exploit code for this vulnerability appearing on the Internet, and the flaw is already being actively exploited on a wide scale.”

Given the severity of the issue, Bkav recommends that organizations and enterprises immediately review and verify the n8n version they are running, and take the following actions:

• Immediately update to the latest patched version.

• Restrict exposure of the system’s login page to the Internet.

• Deploy the system in an isolated environment, strictly control user access permissions, and strengthen security monitoring to promptly detect abnormal signs.

• Use licensed security monitoring solutions and antivirus software to detect intrusion risks early, issue timely alerts, and minimize system risks. Note that default security layers built into devices are insufficient to counter increasingly sophisticated malicious links and malware; using professional, licensed antivirus software can significantly reduce the risk of device takeover and data theft.

Bkav