## https://sploitus.com/exploit?id=91739E92-0F14-5591-A578-8B9FD937DFCF
# n8n CVE-2025-68613 โ Lab
## Disclaimer
This repository contains a **security laboratory intended strictly for educational and ethical purposes**.
- This laboratory must **only be used in controlled environments**
- Do **not** deploy or test against systems you do not own or have explicit authorization to assess
The author assumes **no responsibility** for misuse of the information, configurations, or proof-of-concept code provided in this repository.
---
## Overview
This laboratory deploys a **vulnerable instance of n8n (v1.120.3)** alongside a PostgreSQL database in order to **study and reproduce the impact of CVE-2025-68613** in a controlled environment.
The lab is designed for:
- application security research
- vulnerability analysis
- PoC development and validation
- ethical penetration testing practice
---
## Laboratory Architecture
- n8n (vulnerable version)
- PostgreSQL 16
- Docker + Docker Compose
- Initial user onboarding enabled (no preconfigured authentication)
When the environment is started for the first time, **n8n will prompt the user to create a new account via the web interface**.
---
## Requirements
- Docker 20.x or newer
- Docker Compose v2
- Linux or macOS
- Port **5678** available on localhost
Verify installation:
```bash
docker --version
docker compose version
```
---
## Environment Setup
### 1. Clone the repository
```bash
git clone https://github.com/YOUR_USERNAME/YOUR_REPOSITORY.git
cd YOUR_REPOSITORY
```
---
### 2. Build the environment
```bash
docker compose build --no-cache
```
---
### 3. Start the laboratory
```bash
docker compose up -d
```
---
### 4. Verify n8n is running
```bash
docker compose logs -f n8n
```
Access the web interface at:
```
http://localhost:5678
```
On first access, n8n will request **creation of a new user account**.
---
## Proof of Concept (PoC)
This laboratory is intended to be used with a **custom Proof of Concept developed by the author**, which demonstrates the impact of **CVE-2025-68613** under authenticated conditions.
### Example PoC Execution
```bash
python3 CVE-2025-68613.py -u http://localhost:5678 -e 'tester@tester.com' -p '.Tester123' --command 'cat /etc/passwd'
```
### Example PoC Execution with Burp Proxy
```bash
python3 CVE-2025-68613.py -u http://localhost:5678 -e 'tester@tester.com' -p '.Tester123' --command 'cat /etc/passwd' --proxy 'http://127.0.0.1:8080'
```
### Parameters
| Parameter | Description |
|---------|------------|
| `-u` | URL of the n8n instance |
| `-e` | Email of a valid authenticated user |
| `-p` | Password of the user |
| `--command` | Command executed within the vulnerable context |
The PoC **must only be executed against this laboratory**.
---
## Resetting the Environment
To fully reset the lab (containers, volumes, and data):
```bash
docker compose down -v --remove-orphans
```
Then rebuild:
```bash
docker compose up -d --build
```
---
## Educational Purpose
This laboratory exists to:
- demonstrate real-world vulnerability impact
- improve secure development and testing skills
- support ethical security research
All testing should be performed responsibly and legally.