CVE-2025-71380
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk33th percentile — higher than 33% of all known CVEs
Summary
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands.
Risk Assessment
Risk includes data exfiltration, service disruption, or complete system compromise, potentially leading to significant financial and reputational damage.
Recommendation
It is recommended to immediately restrict access to the Execute Command node to trusted users only and implement monitoring and auditing mechanisms for executed commands.
Original NVD description (English source)
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise.

