目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2025-68613 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
n8n Vulnerable to Remote Code Execution via Expression Injection
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
动态管理代码资源的控制不恰当
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
n8n 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 0.211.0版本至1.120.4版本、1.121.1版本和1.122.0版本之前版本存在安全漏洞,该漏洞源于工作流表达式评估系统隔离不足,可能导致远程代码执行。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
n8n-ion8n >= 0.211.0, < 1.120.4 -
二、漏洞 CVE-2025-68613 的公开POC
#POC 描述源链接神龙链接
1Detection for CVE-2025-68613https://github.com/rxerium/CVE-2025-68613POC详情
2CVE-2025-68613https://github.com/Ashwesker/Blackash-CVE-2025-68613POC详情
3Public PoC + Scanner and research for CVE-2025-68613: Critical RCE in n8n Workflow Automation via Expression Injection (CVSS 10.0). Includes detection tools, full exploit, and remediation guidance.https://github.com/TheStingR/CVE-2025-68613-POCPOC详情
4CVE-2025-68613: n8n RCE vulnerability exploit and documentationhttps://github.com/wioui/n8n-CVE-2025-68613-exploitPOC详情
5通过GitHub Copilot 辅助分析CVE-2025-68613漏洞https://github.com/intbjw/CVE-2025-68613-poc-via-copilotPOC详情
6Nonehttps://github.com/ali-py3/Exploit-CVE-2025-68613POC详情
7This repository contains a laboratory-grade analysis and a **safe Proof-of-Concept** for the vulnerability **CVE-2025-68613**, affecting the workflow automation platform **n8n**.https://github.com/nehkark/CVE-2025-68613POC详情
8My poc to exploit this vuln :Dhttps://github.com/GnuTLam/POC-CVE-2025-68613POC详情
9n8n < 1.120.4, 1.121.1, 1.122.0 contains a remote code execution caused by insufficient isolation in workflow expression evaluation, letting authenticated attackers execute arbitrary code with n8n process privileges. Exploit requires authentication. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-68613.yamlPOC详情
10基于Pocsuite3 框架编写的漏洞验证与利用脚本,用于检测 n8n工作流自动化工具中的认证后远程代码执行漏洞(RCE)https://github.com/secjoker/CVE-2025-68613POC详情
11Analysis of CVE-2025-68613https://github.com/r4j3sh-com/CVE-2025-68613-n8n-labPOC详情
12Nonehttps://github.com/intelligent-ears/CVE-2025-68613POC详情
13GUI Shodan-powered scanner to identify n8n instances exposed to CVE-2025-68613 (version range 0.211.0–1.122.0)https://github.com/manyaigdtuw/CVE-2025-68613_ScannerPOC详情
14Remote Code Execution via n8n Workflows (Based on CVE-2025-68613)https://github.com/AbdulRKB/n8n-RCEPOC详情
15Python Exploit for CVE-2025-68613.https://github.com/JohannesLks/CVE-2025-68613-Python-ExploitPOC详情
16n8n God Mode Ultimate - CVE-2025-68613 Scanner v1.0.0 ║ ║ Workflow Automation Remote Code Execution https://github.com/hackersatyamrastogi/n8n-exploit-CVE-2025-68613-n8n-God-Mode-UltimatePOC详情
17Proof-of-Concept exploit for CVE-2025-68613: Authenticated Remote Code Execution in n8n via Expression Injectionhttps://github.com/mbanyamer/n8n-Authenticated-Expression-Injection-RCE-CVE-2025-68613POC详情
18Technical study of the CVE-2025-68613 vulnerability in n8n, covering affected versions, laboratory exploration scenario, offensive and defensive analysis, and mitigation strategies.https://github.com/releaseown/Analysis-n8n-CVE-2025-68613POC详情
19Nonehttps://github.com/Dlanang/homelab-CVE-2025-68613POC详情
20Nonehttps://github.com/Khin-96/n8n-cve-2025-68613-thmPOC详情
21The minor methodology for room: https://tryhackme.com/room/n8ncve202568613https://github.com/J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMePOC详情
22CVE-2025-68613 (n8n) Critical RCE analysis + defensive recommendations (patch validation, detection ideas, and hardening tips)https://github.com/Ak-cybe/CVE-2025-68613-n8n-rce-analysisPOC详情
23This laboratory provides a controlled environment to analyze and reproduce CVE-2025-68613 in a vulnerable n8n instance.https://github.com/LingerANR/n8n-CVE-2025-68613POC详情
24POC for CVE-2025-68613https://github.com/reem-012/poc_CVE-2025-68613POC详情
25Technical study of the CVE-2025-68613 vulnerability in n8n, covering affected versions, laboratory exploration scenario, offensive and defensive analysis, and mitigation strategies.https://github.com/releaseown/analysis-and-poc-n8n-CVE-2025-68613POC详情
26n8n CVE-2025-68613https://github.com/gagaltotal/n8n-cve-2025-68613POC详情
27CVE-2025-68613https://github.com/Ashwesker/Ashwesker-CVE-2025-68613POC详情
28Nonehttps://github.com/cv-sai-kamesh/n8n-CVE-2025-68613POC详情
29n8n RCE (CVE-2025-68613) - Proof of Concepthttps://github.com/ahmedshamsddin/n8n-RCE-CVE-2025-68613POC详情
30Expression injection payloads for n8n CVE-2025-68613 RCEhttps://github.com/TheInterception/n8n_CVE-2025-68613_exploit_payloadsPOC详情
31Lab for CVE-2025-68613 n8n RCEhttps://github.com/shibaaa204/CVE-2025-68613POC详情
32Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/n8n%20%E8%A1%A8%E8%BE%BE%E5%BC%8F%E6%B2%99%E7%AE%B1%E9%80%83%E9%80%B8%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2025-68613.mdPOC详情
33CVE-2025-68613https://github.com/sahilccras/Blackash-CVE-2025-68613POC详情
34Nonehttps://github.com/Rishi-kaul/n8n-CVE-2025-68613POC详情
35Relatório TryHackMe — n8n CVE-2025-68613 (CVSS 9.9)https://github.com/Victorhugofariasvieir66/relatorio-n8n.mdPOC详情
36https://github.com/vulhub/vulhub/blob/master/n8n/CVE-2025-68613/README.mdPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2025-68613 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same product: n8n
Same vendor: n8n-io
Same weakness: CWE-913
V. Comments for CVE-2025-68613

暂无评论

发表评论