Authenticated RCE in n8n Workflow Expression Evaluation

Repository contains a standalone Python exploit plus a Dockerized lab for reproducing a full unauthenticated-to-RCE chain against n8n. The main exploit file is exploit.py, which implements a multi-stage attack: it first abuses CVE-2026-21858 by POSTing JSON with Content-Type: application/json to a user-supplied form endpoint, crafting a fake uploaded file object whose filepath points to arbitrary local files. This yields arbitrary file read from the n8n host. The script then reads /proc/self/environ to locate HOME, reads $HOME/.n8n/config to recover the encryptionKey, and reads $HOME/.n8n/database.sqlite to extract admin-related data. From that material it forges an n8n-auth admin token/cookie and uses authenticated REST API calls to create/trigger a malicious workflow. For code execution, it abuses CVE-2025-68613 by inserting a JavaScript expression payload into a Set node; the payload reaches this.process.mainModule.require, imports child_process, and executes arbitrary shell commands via execSync. The script supports direct file read mode, single-command execution, and an interactive shell loop. Repository structure is small and purpose-built: exploit.py is the operational exploit; init/setup.sh provisions a local vulnerable n8n instance by creating an admin account, logging in, creating a formTrigger + respondToWebhook workflow, and activating it; Dockerfile installs n8n 1.65.0; docker-compose.yml exposes port 5678 and runs the setup script automatically; pyproject.toml defines Python dependencies (requests, pyjwt) and a console entry point; README.md documents the chain, limitations, references, and lab usage. This is not a detection script and not merely a README—it is a functional PoC/operational exploit with a hardcoded but effective RCE payload and a reproducible local lab.

This repository is a minimal write-up repository rather than a full exploit codebase. It contains two Markdown files: README.md with a short description of the issue and report.md with the exploitation narrative and the proof-of-concept payload. There are no standalone scripts, binaries, or automation components. The exploit targets n8n expression injection / sandbox escape behavior identified as CVE-2025-68613. The described attack flow is web-based: an authenticated user logs into the n8n admin/workflow interface, creates a workflow, adds an "Edit Fields" node, switches a field to Expression mode, and injects JavaScript into the expression evaluator. The payload accesses this.process.mainModule.require to bypass sandbox restrictions, loads the Node.js child_process module, and invokes execSync('cat /secret.txt') to read a sensitive file from the host. Main capability: remote code execution in the context of the n8n server via expression injection, demonstrated through arbitrary command execution and local file disclosure. The proof of concept specifically reads /secret.txt and returns its contents to the UI. Because the repository only documents a single hardcoded payload and does not provide reusable tooling, automation, or configurable delivery, it is best classified as a POC. Notable observables are limited to local paths and runtime access primitives rather than network infrastructure: /secret.txt, child_process, and process.mainModule.require. No external URLs, IPs, callback domains, or C2 endpoints are present in the repository.

This repository is a standalone exploit/lab for a full n8n attack chain combining CVE-2026-21858 (unauthenticated arbitrary file read via Content-Type confusion on a form upload workflow) with CVE-2025-68613 (expression injection sandbox bypass leading to command execution). The repository contains a Python exploit script, Docker-based vulnerable lab, and a Bash setup script that provisions a vulnerable n8n workflow. Structure: exploit.py is the main exploit entry point. It implements HTTP interaction, arbitrary file read against a supplied form endpoint, SQLite parsing of a downloaded n8n database, and JWT forging for admin authentication. The RCE stage is only stubbed in code, but the README documents the intended JavaScript expression payload using this.process.mainModule.require and child_process.execSync. init/setup.sh configures the local lab by waiting for n8n, creating an owner account, logging in, creating a workflow with a Form Trigger and Respond node, and activating it at /form/vulnerable-form. Dockerfile and docker-compose.yml build and run n8n 1.65.0 with insecure lab settings. Main exploit capabilities: (1) unauthenticated arbitrary file read by POSTing crafted JSON to a vulnerable form endpoint and controlling the file filepath field; (2) extraction of admin id/email/password hash from database.sqlite; (3) derivation of the JWT secret from the encryption key and forging of an n8n-auth cookie; (4) intended authenticated RCE through workflow/expression injection. The implemented code is operational for file read and token forging, while the final command-execution logic is incomplete in exploit.py and described in the README. Notable targets/endpoints include the vulnerable form path, n8n REST API endpoints used by the lab (/rest/settings, /rest/owner/setup, /rest/login, /rest/workflows), and sensitive local files such as /proc/self/environ, $HOME/.n8n/config, and $HOME/.n8n/database.sqlite. Overall, this is a real exploit repository with a working proof-of-concept for the early chain stages and documented end-to-end RCE intent.

Repository contains a CVE-2025-68613 toolkit targeting n8n (workflow automation) expression-injection leading to RCE. Structure & purpose (4 files): 1) CVE-2025-68613-exploit.py: Standalone Python exploit that uses an authenticated n8n REST API key (X-N8N-API-KEY) to (a) create a minimal workflow with a Set node whose string value is a malicious n8n expression, (b) execute the workflow via /run to trigger evaluation, (c) print returned output, and (d) delete the workflow to reduce artifacts. Payload options include env var leak, whoami/id command execution, reading /etc/passwd, and a bash reverse shell to attacker-controlled IP/port. 2) CVE-2025-68613.py: A “SAFE” remote exposure/version checker (no exploitation) that probes common n8n endpoints (/, /rest/settings, /healthz, /api/v1/health), attempts to detect n8n and parse a semantic version from responses, then compares against vulnerable ranges. 3) CVE-2025-68613.yaml: A Nuclei detection template that requests /signin, /login, or / and extracts a base64-encoded meta tag (n8n:config:sentry), decodes it, derives the n8n version, and flags vulnerable versions using compare_versions logic. 4) README.md: Documentation describing the vulnerability, affected/patched versions, mitigation guidance, and usage examples for the safe checker, nuclei template, and exploit. Overall capability: authenticated network RCE against vulnerable n8n instances by abusing workflow expression evaluation to access Node.js primitives (require('child_process'), require('fs')) and execute OS commands or establish a reverse shell.

Repository contains a single operational PoC exploit script for CVE-2025-68613 affecting n8n (workflow automation). Structure: (1) README.md documents the vulnerability, affected versions (>=0.211.0 <1.120.4), authentication requirement, and usage examples; (2) poc_final.sh is the entry point. Exploit flow in poc_final.sh: it logs into the target n8n instance via POST /rest/login and stores cookies in /tmp/n8n_session.txt; creates a new workflow via POST /rest/workflows with two nodes (manualTrigger and n8n-nodes-base.executeCommand) where the attacker-supplied command is placed into the executeCommand node parameters; fetches the full workflow JSON via GET /rest/workflows/<id> (needed for 1.x run API); triggers execution via POST /rest/workflows/<id>/run; queries the latest execution via GET /rest/executions?limit=1 to obtain an execution ID; retrieves execution details via GET /rest/executions/<exec_id> and uses an embedded Python snippet to de-reference n8n’s compressed execution data format and print stdout/stderr; finally deletes the created workflow via DELETE /rest/workflows/<id> to reduce artifacts. Primary capability: authenticated remote command execution on the n8n host with output retrieval over the REST API. No persistence or lateral movement logic is included beyond workflow creation and cleanup.

Repository purpose: provides a runnable PoC/operational exploit chain (“Ni8mare”) against n8n combining CVE-2026-21858 (unauthenticated arbitrary file read via Content-Type confusion on a Form Trigger upload flow) and CVE-2025-68613 (expression injection leading to sandbox bypass and RCE). Structure: - exploit.py: main Python exploit. Implements (1) unauthenticated file read by POSTing JSON to a user-supplied form webhook path with Content-Type: application/json and a crafted files[].filepath, (2) discovery of HOME via /proc/self/environ, (3) reading $HOME/.n8n/config to obtain encryptionKey, (4) reading $HOME/.n8n/database.sqlite and extracting the global:owner user record, (5) deriving a JWT secret from encryptionKey and forging an admin session cookie (n8n-auth), and (6) authenticated RCE by creating a workflow with a Manual Trigger and a Set node containing a malicious expression that uses this.process.mainModule.require('child_process').execSync to run arbitrary commands. Provides --read for LFI, --cmd for one-shot command execution, and an interactive command loop. - docker-compose.yml + Dockerfile: builds a local vulnerable lab using n8n@1.65.0 exposed on port 5678, with an init volume. - img/setup.sh: automates lab initialization: waits for /rest/settings, creates an owner, logs in, creates and activates a workflow exposing /form/vulnerable-form with a file upload field and Respond node configured to return the uploaded binary—matching the exploit’s prerequisite. - pyproject.toml: Python packaging/entry point (script name: exploit). Key exploit capabilities: - Unauthenticated arbitrary file read from the n8n host/container filesystem by controlling a file path in the form upload handling. - Credential/material extraction (encryptionKey + SQLite DB) and admin token forging to gain authenticated API access. - Remote command execution via expression injection sandbox escape, returning command output; supports interactive mode. Notable targeting details: - Network target is an n8n HTTP service (commonly :5678). The exploit requires a known, reachable form webhook path (e.g., /form/vulnerable-form) that uses a file upload field and Respond node; without that workflow pattern, the chain may not work (as noted in README limitations).

Repository purpose: a full-chain exploit PoC for n8n dubbed “Ni8mare”, chaining CVE-2026-21858 (unauthenticated arbitrary file read via Content-Type confusion on a form upload workflow) with CVE-2025-68613 (expression injection sandbox bypass) to achieve remote code execution. Core exploit (exploit.py, Python): - Implements a Ni8mare class that targets a user-supplied base URL and a specific n8n Form Trigger path. - Stage 1 (Unauthenticated AFR/LFI): POSTs JSON to the form endpoint with header Content-Type: application/json and a crafted body containing files[...].filepath, causing n8n to copy/read an arbitrary server-side file and return its contents. - Uses AFR to read /proc/self/environ to discover HOME, then reads $HOME/.n8n/config to extract encryptionKey, and reads $HOME/.n8n/database.sqlite to extract the global:owner (admin) user record. - Stage 2 (Token forge): derives/uses a JWT secret from encryptionKey (forge_token function is present but truncated in provided content) and sets an authenticated session cookie (n8n-auth) for subsequent REST API calls. - Stage 3 (Authenticated RCE): programmatically creates a workflow containing a Manual Trigger and a Set node whose value is an expression-injection payload. The payload uses this.process.mainModule.require to import child_process and run execSync("CMD"), returning command output. Provides --cmd for single command execution and an interactive loop for repeated commands. - Includes a version check via GET /rest/settings and flags vulnerable if version < 1.121.0. Lab environment: - Dockerfile installs n8n@1.65.0 and exposes port 5678. - docker-compose.yml runs n8n with relaxed cookie settings and executes init/setup.sh after startup. - init/setup.sh creates an owner account, logs in, creates and activates a “Vulnerable Form” workflow (Form Trigger with a file field + Respond node responding with the uploaded binary), and prints the vulnerable form URL. Notable targeting constraints (from README and code): exploit is not universal; it requires an existing (or attacker-created, once authenticated) workflow that uses a Form Trigger with file upload and a Respond node configured to return the binary, because the AFR is triggered through that specific request handling path. No evidence of being part of Metasploit/Nuclei/etc.; it is a standalone Python exploit with a dockerized vulnerable lab.

Repository purpose: research + PoC exploitation + detection + mitigation guidance for CVE-2025-68613 (n8n expression injection leading to authenticated RCE). Core exploit capability: - Uses n8n’s expression syntax `{{ ... }}` to execute attacker-controlled JavaScript. - Breaks out of the intended expression sandbox via `this.constructor.constructor(...)` to reach the `Function` constructor. - Retrieves Node.js `process` (`constructor('return process')()`), then loads `child_process` via `process.mainModule.require('child_process')`. - Executes arbitrary OS commands with `execSync(...)` and returns output to the UI (`toString()`). - A documented variant executes a bash reverse shell to `ATTACKER_IP:4444`. Notable files / structure: - `exploit/payload.js`: primary PoC payload executing `id` on the server. - `exploit/browser_exploit.md`: step-by-step UI workflow to place the payload into an “Edit Fields (Set)” node and execute it. - `diagrams/attack_flow.md`: Mermaid attack chain diagram; includes an inline `exploit/reverse_shell.js` example payload (not present as a standalone file in the tree) showing `/dev/tcp` reverse shell. - `Docker Vulnerable Lab/` (Dockerfile + compose): spins up vulnerable n8n `n8nio/n8n:1.120.3` on port 5678 with basic auth `admin/admin` for local testing. - `detection/sigma-rule.yml`: detection logic for POSTs to `/rest/workflows` containing strings like `child_process`, `constructor`, `execSync`. - `remediation/Hardening_Guide.md`: upgrade guidance (>= 1.120.4) and operational mitigations. - `research/*` and `Technical Background.md`: root cause and impact analysis explaining the sandbox escape chain. Overall: This is a functional PoC (not a full weaponized tool) demonstrating authenticated RCE in vulnerable n8n versions, plus lab setup and defender-focused detection/mitigation documentation.

Repository contains a Python exploit (exploit.py) and a Docker-based vulnerable lab for n8n. Core exploit (exploit.py): Implements a full-chain attack labeled “CVE-2026-21858 + CVE-2025-68613” against n8n. It targets a Form Trigger webhook endpoint (user-supplied form path) to perform unauthenticated arbitrary file read by submitting crafted JSON with a fake uploaded file object containing an attacker-controlled “filepath”. Using LFI, it reads /proc/self/environ to discover HOME, then reads $HOME/.n8n/config to obtain the encryptionKey and $HOME/.n8n/database.sqlite to extract the global owner’s id/email/password hash. It then forges an admin authentication token (used as the n8n-auth cookie) and proceeds to achieve RCE by creating/using workflow nodes containing a JavaScript expression payload that escapes to Node.js require() and executes OS commands via child_process.execSync, returning output. The CLI supports: --read PATH (LFI), --cmd CMD (single command), and an interactive command loop. Lab environment: Dockerfile installs n8n@1.65.0 and exposes port 5678. docker-compose.yml runs n8n with N8N_SECURE_COOKIE=false and WEBHOOK_URL=http://localhost:5678/. init/setup.sh waits for /rest/settings, creates an owner via /rest/owner/setup, logs in via /rest/login, creates a workflow with a Form Trigger (webhookId: vulnerable-form) and Respond node, activates it, and prints the vulnerable form URL (http://localhost:5678/form/vulnerable-form). Overall purpose: Provide an operational PoC/full-chain exploit and a reproducible container lab demonstrating unauthenticated file read leading to admin token forgery and remote command execution on vulnerable n8n instances.

Repository contains a single Python exploit (exploit.py) and a README describing an unauthenticated full-chain RCE against n8n < 1.121.0 by chaining CVE-2026-21858 (content-type confusion leading to arbitrary file read via a public form endpoint) with CVE-2025-68613 (expression injection leading to command execution). Structure & flow: - README.md: documents the attack chain, prerequisites (public form endpoint in an active workflow with file upload + binary response), and usage modes (file read, single command, interactive shell). - exploit.py: implements class Ni8mare that: 1) Targets a user-supplied base URL and form path; uses requests.Session. 2) Performs arbitrary file read by POSTing JSON to the form endpoint with a crafted "files" object containing a chosen "filepath". 3) Reads /proc/self/environ to discover HOME, then reads $HOME/.n8n/config to extract encryptionKey, and $HOME/.n8n/database.sqlite to obtain the user database. 4) Parses the exfiltrated SQLite DB locally (writes to a temp .db file) to locate admin/owner user data (code is partially truncated in provided content but clearly intended to dump/identify admin and derive needed secrets). 5) Forges an admin JWT (stored as cookie n8n-auth) and uses authenticated REST calls (at least /rest/settings is explicit; additional REST endpoints for workflow creation/execution are implied by pwn()/rce() usage). 6) Achieves RCE by constructing workflow nodes (Manual Trigger -> Set) where the Set node value contains a JavaScript expression that calls process.mainModule.require('child_process').execSync("CMD") and returns stdout. Capabilities: - Unauthenticated arbitrary file read (LFI-style) against the form endpoint. - Credential/secret extraction from n8n config and SQLite DB. - Admin token forgery (JWT) and authenticated API interaction. - Remote command execution with output retrieval; supports one-shot commands and an interactive loop. Notable fingerprintable targets/observables: - HTTP GET /rest/settings for version detection. - Form endpoint at <base_url>/<form_path> for the LFI primitive. - File paths: /proc/self/environ, $HOME/.n8n/config, $HOME/.n8n/database.sqlite. - Auth cookie name: n8n-auth. - Node.js execution primitive: child_process.execSync via injected expression.

This repository provides a full-chain exploit for n8n, targeting CVE-2026-21858 (Arbitrary File Read) and CVE-2025-68613 (Expression Injection RCE). The exploit is implemented in Python (exploit.py) and automates the attack chain: it first abuses a file upload endpoint to read arbitrary files (including sensitive n8n config and database files), then forges an admin JWT token, and finally creates a malicious workflow to achieve remote code execution via a sandbox bypass. The repository includes a Dockerfile and docker-compose.yml for setting up a vulnerable n8n instance, and an init/setup.sh script to automate the creation of a vulnerable workflow. The exploit requires the target n8n instance to have a specific workflow configuration (form with file upload and Respond node). The main attack vector is network-based, exploiting HTTP endpoints exposed by n8n. Key fingerprintable endpoints include the n8n web interface (http://localhost:5678/), the REST API (/rest/settings), and the vulnerable form endpoint (/form/vulnerable-form). The exploit demonstrates a critical unauthenticated RCE chain and is a proof-of-concept, not a universal exploit.

This repository provides a proof-of-concept (PoC) exploit for CVE-2025-68613 targeting n8n version 1.120.0. The exploit demonstrates how an attacker can inject JavaScript code into a workflow node via the n8n web interface, resulting in arbitrary command execution on the server. The repository contains two files: a README.md with step-by-step instructions and the actual payload, and a docker-compose.yml file to set up a vulnerable n8n instance with basic authentication. The attack vector is through the browser, requiring the attacker to access the n8n web interface and inject the payload into a workflow node. The only fingerprintable endpoint is the local n8n instance at http://localhost:5678. No network-based exploitation is shown; the exploit is performed via authenticated access to the web UI.

This repository provides payloads for exploiting CVE-2025-68613, a remote code execution (RCE) vulnerability in n8n (a workflow automation tool) when misconfigured with NODE_FUNCTION_ALLOW_BUILTIN=*. The repository contains two files: a README.md with legal disclaimers and a n8nexploit.txt file containing detailed exploitation instructions and example payloads. The exploit leverages the ability to inject JavaScript code into n8n's 'Code > Javascript' workflow node, allowing arbitrary command execution via Node.js's child_process module. Example payloads demonstrate reading system information, listing files, and establishing a reverse shell using netcat. The exploit targets n8n versions below 1.120.4 running in a Docker environment with insecure configuration. No direct network endpoints are hardcoded, but the attacker must specify their own IP and port for the reverse shell. The payloads are operational and require manual insertion into the n8n workflow interface.

This repository provides a scanner and an authenticated exploit PoC for CVE-2025-68613, a critical expression injection vulnerability in the n8n Workflow Automation Platform (versions 0.211.0–1.120.3 and 1.121.0). The repository contains two main Python scripts: 1. tot-scanner-2025-68613.py: A non-exploit scanner that detects n8n instances, extracts their version, and determines if they are vulnerable. It queries several endpoints (/, /rest/settings, /healthz, /api/v1/health) and supports JSON output for automation. 2. tot-exploit-2025-68613.py: An authenticated exploit that requires valid n8n credentials. It logs in to the target, creates a workflow with a malicious expression in a Set node, and triggers execution to achieve remote code execution. Supported payloads include system info, arbitrary command execution, environment variable dump, file read/write, and reverse shell. The exploit interacts with the n8n REST API endpoints for login, workflow creation, execution, and cleanup. The code is written in Python and uses the requests library. The exploit is operational, providing real RCE capabilities but requiring valid credentials. No hardcoded payloads are present; the user supplies payload type and parameters at runtime. The repository is well-documented, with clear usage instructions and warnings about legal/ethical use.

This repository provides a proof-of-concept (PoC) exploit for CVE-2025-68613, a critical Remote Code Execution (RCE) vulnerability in the n8n workflow automation platform. The repository contains two files: a JavaScript payload (Payload/payload-ssti.js) and a detailed README.md. The exploit leverages a Server-Side Template Injection (SSTI) vulnerability in n8n's workflow expression evaluation, allowing an authenticated user with workflow edit permissions to execute arbitrary system commands on the server. The payload is a JavaScript expression that, when inserted into a workflow's field, uses Node.js internals to execute a shell command via the 'child_process' module. The README provides comprehensive exploitation steps, affected version details, and mitigation advice. No hardcoded network endpoints or IPs are present in the code; exploitation is performed through the n8n web interface by authenticated users. The exploit is a PoC and does not include weaponized or automated attack scripts.

This repository provides a complete laboratory environment and a proof-of-concept (PoC) exploit for CVE-2025-68613, a remote code execution (RCE) vulnerability in n8n version 1.120.3. The main exploit is implemented in 'CVE-2025-68613.py', a Python script that authenticates to a target n8n instance, creates a malicious workflow containing a JavaScript expression injection, and triggers arbitrary command execution on the server. The exploit requires valid user credentials and targets the n8n REST API endpoints for login, project retrieval, and workflow creation. The repository includes a Dockerfile and docker-compose.yml to deploy a vulnerable n8n instance and PostgreSQL database for safe testing. The README provides detailed setup and usage instructions, emphasizing ethical and educational use. The exploit demonstrates authenticated RCE via workflow expression injection, with the payload leveraging Node.js's 'child_process' module to execute attacker-supplied commands.

This repository provides a proof-of-concept (PoC) exploit for CVE-2025-68613, a critical Remote Code Execution (RCE) vulnerability in the n8n workflow automation platform. The repository contains two files: a JavaScript payload (Payload/payload-ssti.js) and a detailed README.md. The exploit leverages a Server-Side Template Injection (SSTI) vulnerability in n8n's workflow expression evaluation, allowing an authenticated user with workflow edit permissions to execute arbitrary system commands on the server. The payload is a JavaScript expression that, when inserted into a workflow's field, uses Node.js internals to execute a shell command via the 'child_process' module. The README provides comprehensive exploitation steps, affected version details, and mitigation advice. No hardcoded network endpoints or IPs are present in the code; exploitation is performed through the n8n web interface by authenticated users. The exploit is a PoC and does not include weaponized or automated attack scripts.

This repository contains a proof-of-concept (PoC) exploit for CVE-2025-68613, a critical authenticated remote code execution vulnerability in the n8n Workflow Automation Tool (versions >=0.211.0 and <1.120.4). The exploit is implemented as a Bash script ('n8n-cve-2025-68613-poc.sh') that sends a crafted workflow to the target n8n instance via its REST API. The workflow contains a malicious expression that escapes the intended sandbox and executes arbitrary OS commands using Node.js's 'child_process.execSync'. The attacker must supply a valid API key or session for authentication. The README.md provides detailed vulnerability information, usage instructions, and legal warnings. The main attack vector is network-based, targeting the n8n REST API endpoint. The exploit demonstrates both command execution (e.g., 'id') and the potential for a reverse shell. No detection or scanning functionality is present; this is a direct exploitation PoC.

This repository provides a comprehensive Python-based exploitation framework for CVE-2025-68613, a critical remote code execution (RCE) vulnerability in the n8n workflow automation platform. The main exploit script, 'n8n-godmode-ultimate.py', supports multiple operational modes: detection, safe vulnerability check, proof-of-concept RCE, and full exploitation. It implements several exploitation techniques, including schedule trigger, webhook trigger, code node execution, and expression injection, allowing for flexible attack vectors. The tool can extract the n8n version, perform batch scanning of multiple targets, and, if credentials are provided, exploit the vulnerability to execute arbitrary OS commands, provide an interactive shell, read and write files, extract environment variables, enumerate users and credentials, dump workflows and configurations, and establish a reverse shell. The exploit interacts with the n8n instance over HTTP(S), typically targeting the default web interface at port 5678. The code is operational and provides real exploitation capabilities, not just detection. The repository is structured with a main Python exploit script, a requirements file listing dependencies (requests, urllib3, tqdm, colorama), and supporting documentation. The exploit is intended for authorized security testing and red teaming against vulnerable n8n instances.

This repository contains a Python exploit script (exploit.py) targeting CVE-2025-68613, a critical remote code execution vulnerability in the n8n workflow automation platform. The exploit abuses insufficient sandboxing in the expression evaluation system, allowing an authenticated attacker to create a workflow with a Code node that executes arbitrary system commands on the server. The script supports both direct command execution and reverse shell payloads, and provides options for different exploitation modes (schedule, webhook, code_node). The exploit interacts with the n8n REST API endpoints for authentication, workflow creation, and execution. The README.md provides a brief description, while exploit.py contains all exploit logic. No detection or fake code is present; this is a functional exploit requiring valid credentials and network access to the target n8n instance.

This repository contains a proof-of-concept exploit for CVE-2025-68613, a remote code execution (RCE) vulnerability in n8n (tested on version 1.121.0). The exploit is implemented in Python (exploit.py) and requires valid credentials to the target n8n instance. The script authenticates to the target, creates a new workflow with a malicious JavaScript payload that leverages Node.js's child_process module to execute arbitrary system commands, and provides an interactive shell for the attacker. The exploit interacts with several n8n REST API endpoints to perform authentication, workflow creation, payload injection, execution, and result retrieval. The repository also includes a README.md with usage instructions and a requirements.txt specifying the 'requests' library. The exploit is operational, providing a working interactive shell, but is not weaponized for mass exploitation.

This repository contains two Nuclei YAML templates targeting CVE-2025-68613, a critical authenticated remote code execution (RCE) vulnerability in n8n Workflow Automation (versions 0.211.0 - 1.120.3 and 1.121.0). The main exploit template (CVE-2025-68613-exploit.yaml) automates exploitation by authenticating to the target n8n instance, creating a malicious workflow that leverages JavaScript expression evaluation to execute arbitrary code, and extracting system information to confirm exploitation. The exploit requires valid credentials and interacts with several n8n API endpoints to perform login, workflow creation, execution, and cleanup. The detection template (CVE-2025-68613-version-detect.yaml) passively identifies vulnerable n8n instances by probing multiple endpoints and extracting version information using several methods, ensuring high detection coverage. The repository is structured for use with the Nuclei framework, with clear separation between exploitation and detection logic. No hardcoded IPs or domains are present; all endpoints are relative to the target host. The README provides detailed background, usage instructions, and references.

This repository contains a Pocsuite3 exploit module (n8n_auth_rce.py) and a detailed README for CVE-2025-68613, an authenticated remote code execution vulnerability in n8n (all versions). The exploit leverages the n8n API to create a workflow containing a malicious Node.js expression, which is then executed to run arbitrary system commands on the server. The script supports both harmless verification (math calculation) and full command execution modes. It requires a valid X-N8N-API-KEY for authentication. The exploit interacts with the n8n API endpoints /rest/workflows (for creation and deletion) and /rest/workflows/{id}/run (for execution). The code is operational and can be used for both detection and exploitation, with automatic cleanup to remove traces. The repository is structured with a single Python exploit file and a README providing usage instructions and technical details.

This repository provides a full proof-of-concept (PoC) and operational exploit for CVE-2025-68613, a remote code execution (RCE) vulnerability in n8n version 0.211.0. The vulnerability arises from insufficient filtering of the 'constructor' property in n8n's expression sandbox, allowing attackers to bypass the intended restriction using bracket notation (e.g., "['constructor']") and ultimately access the Function constructor. The exploit is delivered as a malicious workflow payload (in JSON format) to the authenticated /rest/workflows/run API endpoint. Upon execution, the payload leverages Node.js's child_process.execSync to run arbitrary system commands, such as creating a file in /tmp, thereby demonstrating RCE within the container. The repository includes Docker deployment files, workflow payloads, authentication cookies, and detailed markdown walkthroughs in both English and Chinese. The exploit requires authenticated access to the n8n instance, which can be obtained via password reset or direct database manipulation as described in the documentation. The code is operational and demonstrates real-world impact, but is not weaponized for mass exploitation.

This repository contains a Python proof-of-concept exploit for CVE-2025-68613, a remote code execution (RCE) vulnerability in the n8n workflow automation platform. The repository consists of two files: a README.md with a brief description, and the main exploit script 'poccve2025-68613.py'. The exploit script allows an attacker to authenticate to a target n8n instance using valid credentials, create a malicious workflow containing a JavaScript expression injection payload, execute arbitrary system commands on the server, retrieve the output, and clean up by deleting the workflow. The script interacts with the n8n REST API endpoints over HTTP(S), specifically targeting '/rest/login', '/rest/workflows', '/rest/workflows/{id}/run', '/rest/executions/{id}', and '/rest/workflows/{id}'. The exploit requires the attacker to know valid credentials for the n8n instance and for the instance to be vulnerable to CVE-2025-68613. The payload leverages JavaScript code injection to execute system commands via Node.js's 'child_process.execSync'. The exploit is operational and provides direct command execution capabilities on the target server.

This repository provides a comprehensive research and exploitation toolkit for CVE-2025-68613, a critical expression injection vulnerability in the n8n Workflow Automation platform. The vulnerability allows any authenticated user to execute arbitrary code on the server via crafted workflow expressions, leading to full remote code execution (RCE). The repository includes: - Detailed documentation (README.md, QUICK_START.md, INDEX.md) covering vulnerability mechanics, exploitation, detection, and remediation. - A passive scanner (cve-2025-68613-scanner.py) for safe detection of vulnerable n8n instances without authentication or exploitation. - A Nuclei template (CVE-2025-68613.yaml) for automated authenticated scanning. - A full-featured exploit (exploit_cve-2025-68613.py) supporting six payloads: system info, command execution, environment variable extraction, file read, file write, and reverse shell. The exploit handles authentication, workflow creation, payload injection, execution, and cleanup. The main attack vector is network-based, requiring only low-privilege authentication to the n8n instance. The exploit targets the /rest/login endpoint for authentication, then abuses /rest/workflows and /rest/workflows/{id}/run to inject and trigger malicious expressions. The exploit is operational and provides real-world attack capabilities, including system compromise, credential extraction, and persistence. The repository is well-documented and suitable for both offensive and defensive security teams.

This repository provides a comprehensive research and exploitation toolkit for CVE-2025-68613, a critical expression injection vulnerability in the n8n Workflow Automation platform. The vulnerability allows any authenticated user to execute arbitrary code on the server via crafted workflow expressions, leading to full remote code execution (RCE). The repository includes: - Detailed documentation (README.md, QUICK_START.md, INDEX.md) covering vulnerability mechanics, exploitation, detection, and remediation. - A passive scanner (cve-2025-68613-scanner.py) for safe detection of vulnerable n8n instances without authentication or exploitation. - A Nuclei template (CVE-2025-68613.yaml) for automated authenticated scanning. - A full-featured exploit (exploit_cve-2025-68613.py) supporting six payloads: system info, command execution, environment variable extraction, file read, file write, and reverse shell. The exploit handles authentication, workflow creation, payload injection, execution, and cleanup. The main attack vector is network-based, requiring only low-privilege authentication to the n8n instance. The exploit targets the /rest/login endpoint for authentication, then abuses /rest/workflows and /rest/workflows/{id}/run to inject and trigger malicious expressions. The exploit is operational and provides real-world attack capabilities, including system compromise, credential extraction, and persistence. The repository is well-documented and suitable for both offensive and defensive security teams.