Share
## https://sploitus.com/exploit?id=91739E92-0F14-5591-A578-8B9FD937DFCF
# n8n CVE-2025-68613 โ€” Lab

## Disclaimer

This repository contains a **security laboratory intended strictly for educational and ethical purposes**.

- This laboratory must **only be used in controlled environments**
- Do **not** deploy or test against systems you do not own or have explicit authorization to assess

The author assumes **no responsibility** for misuse of the information, configurations, or proof-of-concept code provided in this repository.

---

## Overview

This laboratory deploys a **vulnerable instance of n8n (v1.120.3)** alongside a PostgreSQL database in order to **study and reproduce the impact of CVE-2025-68613** in a controlled environment.

The lab is designed for:
- application security research
- vulnerability analysis
- PoC development and validation
- ethical penetration testing practice

---

## Laboratory Architecture

- n8n (vulnerable version)
- PostgreSQL 16
- Docker + Docker Compose
- Initial user onboarding enabled (no preconfigured authentication)

When the environment is started for the first time, **n8n will prompt the user to create a new account via the web interface**.

---

## Requirements

- Docker 20.x or newer
- Docker Compose v2
- Linux or macOS
- Port **5678** available on localhost

Verify installation:
```bash
docker --version
docker compose version
```

---

## Environment Setup

### 1. Clone the repository
```bash
git clone https://github.com/YOUR_USERNAME/YOUR_REPOSITORY.git
cd YOUR_REPOSITORY
```

---

### 2. Build the environment
```bash
docker compose build --no-cache
```

---

### 3. Start the laboratory
```bash
docker compose up -d
```

---

### 4. Verify n8n is running
```bash
docker compose logs -f n8n
```

Access the web interface at:
```
http://localhost:5678
```

On first access, n8n will request **creation of a new user account**.

---

## Proof of Concept (PoC)

This laboratory is intended to be used with a **custom Proof of Concept developed by the author**, which demonstrates the impact of **CVE-2025-68613** under authenticated conditions.

### Example PoC Execution

```bash
python3 CVE-2025-68613.py -u http://localhost:5678 -e 'tester@tester.com' -p '.Tester123' --command 'cat /etc/passwd'
```

### Example PoC Execution with Burp Proxy

```bash
python3 CVE-2025-68613.py -u http://localhost:5678 -e 'tester@tester.com' -p '.Tester123' --command 'cat /etc/passwd' --proxy 'http://127.0.0.1:8080'
```

### Parameters

| Parameter | Description |
|---------|------------|
| `-u` | URL of the n8n instance |
| `-e` | Email of a valid authenticated user |
| `-p` | Password of the user |
| `--command` | Command executed within the vulnerable context |

The PoC **must only be executed against this laboratory**.

---

## Resetting the Environment

To fully reset the lab (containers, volumes, and data):

```bash
docker compose down -v --remove-orphans
```

Then rebuild:
```bash
docker compose up -d --build
```

---

## Educational Purpose

This laboratory exists to:
- demonstrate real-world vulnerability impact
- improve secure development and testing skills
- support ethical security research

All testing should be performed responsibly and legally.