支持本站 — 捐款将帮助我们持续运营

目标:1000 元,已筹:752

75.2%
立即捐款
一、 漏洞 CVE-2025-68613 基础信息
漏洞信息
                                        # n8n 表达式注入远程代码执行漏洞

N/A
神龙判断

是否为 Web 类漏洞: 未知

判断理由:

N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
n8n Vulnerable to Remote Code Execution via Expression Injection
来源:美国国家漏洞数据库 NVD
漏洞描述信息
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
动态管理代码资源的控制不恰当
来源:美国国家漏洞数据库 NVD
漏洞标题
n8n 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 0.211.0版本至1.120.4版本、1.121.1版本和1.122.0版本之前版本存在安全漏洞,该漏洞源于工作流表达式评估系统隔离不足,可能导致远程代码执行。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-68613 的公开POC
#POC 描述源链接神龙链接
1Detection for CVE-2025-68613https://github.com/rxerium/CVE-2025-68613POC详情
2CVE-2025-68613https://github.com/Ashwesker/Blackash-CVE-2025-68613POC详情
3Public PoC + Scanner and research for CVE-2025-68613: Critical RCE in n8n Workflow Automation via Expression Injection (CVSS 10.0). Includes detection tools, full exploit, and remediation guidance.https://github.com/TheStingR/CVE-2025-68613-POCPOC详情
4CVE-2025-68613: n8n RCE vulnerability exploit and documentationhttps://github.com/wioui/n8n-CVE-2025-68613-exploitPOC详情
5通过GitHub Copilot 辅助分析CVE-2025-68613漏洞https://github.com/intbjw/CVE-2025-68613-poc-via-copilotPOC详情
6Nonehttps://github.com/ali-py3/Exploit-CVE-2025-68613POC详情
7This repository contains a laboratory-grade analysis and a **safe Proof-of-Concept** for the vulnerability **CVE-2025-68613**, affecting the workflow automation platform **n8n**.https://github.com/nehkark/CVE-2025-68613POC详情
8My poc to exploit this vuln :Dhttps://github.com/GnuTLam/POC-CVE-2025-68613POC详情
9n8n < 1.120.4, 1.121.1, 1.122.0 contains a remote code execution caused by insufficient isolation in workflow expression evaluation, letting authenticated attackers execute arbitrary code with n8n process privileges. Exploit requires authentication. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-68613.yamlPOC详情
10基于Pocsuite3 框架编写的漏洞验证与利用脚本,用于检测 n8n工作流自动化工具中的认证后远程代码执行漏洞(RCE)https://github.com/secjoker/CVE-2025-68613POC详情
11Analysis of CVE-2025-68613https://github.com/r4j3sh-com/CVE-2025-68613-n8n-labPOC详情
12Nonehttps://github.com/intelligent-ears/CVE-2025-68613POC详情
13GUI Shodan-powered scanner to identify n8n instances exposed to CVE-2025-68613 (version range 0.211.0–1.122.0)https://github.com/manyaigdtuw/CVE-2025-68613_ScannerPOC详情
14Remote Code Execution via n8n Workflows (Based on CVE-2025-68613)https://github.com/AbdulRKB/n8n-RCEPOC详情
15Python Exploit for CVE-2025-68613.https://github.com/JohannesLks/CVE-2025-68613-Python-ExploitPOC详情
16n8n God Mode Ultimate - CVE-2025-68613 Scanner v1.0.0 ║ ║ Workflow Automation Remote Code Execution https://github.com/hackersatyamrastogi/n8n-exploit-CVE-2025-68613-n8n-God-Mode-UltimatePOC详情
17Proof-of-Concept exploit for CVE-2025-68613: Authenticated Remote Code Execution in n8n via Expression Injectionhttps://github.com/mbanyamer/n8n-Authenticated-Expression-Injection-RCE-CVE-2025-68613POC详情
18Technical study of the CVE-2025-68613 vulnerability in n8n, covering affected versions, laboratory exploration scenario, offensive and defensive analysis, and mitigation strategies.https://github.com/releaseown/Analysis-n8n-CVE-2025-68613POC详情
19Nonehttps://github.com/Dlanang/homelab-CVE-2025-68613POC详情
20Nonehttps://github.com/Khin-96/n8n-cve-2025-68613-thmPOC详情
21The minor methodology for room: https://tryhackme.com/room/n8ncve202568613https://github.com/J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMePOC详情
22CVE-2025-68613 (n8n) Critical RCE analysis + defensive recommendations (patch validation, detection ideas, and hardening tips)https://github.com/Ak-cybe/CVE-2025-68613-n8n-rce-analysisPOC详情
23This laboratory provides a controlled environment to analyze and reproduce CVE-2025-68613 in a vulnerable n8n instance.https://github.com/LingerANR/n8n-CVE-2025-68613POC详情
24POC for CVE-2025-68613https://github.com/reem-012/poc_CVE-2025-68613POC详情
25Technical study of the CVE-2025-68613 vulnerability in n8n, covering affected versions, laboratory exploration scenario, offensive and defensive analysis, and mitigation strategies.https://github.com/releaseown/analysis-and-poc-n8n-CVE-2025-68613POC详情
26n8n CVE-2025-68613https://github.com/gagaltotal/n8n-cve-2025-68613POC详情
27CVE-2025-68613https://github.com/Ashwesker/Ashwesker-CVE-2025-68613POC详情
28Nonehttps://github.com/cv-sai-kamesh/n8n-CVE-2025-68613POC详情
29n8n RCE (CVE-2025-68613) - Proof of Concepthttps://github.com/ahmedshamsddin/n8n-RCE-CVE-2025-68613POC详情
30Expression injection payloads for n8n CVE-2025-68613 RCEhttps://github.com/TheInterception/n8n_CVE-2025-68613_exploit_payloadsPOC详情
31Lab for CVE-2025-68613 n8n RCEhttps://github.com/shibaaa204/CVE-2025-68613POC详情
32Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/n8n%20%E8%A1%A8%E8%BE%BE%E5%BC%8F%E6%B2%99%E7%AE%B1%E9%80%83%E9%80%B8%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2025-68613.mdPOC详情
三、漏洞 CVE-2025-68613 的情报信息
四、漏洞 CVE-2025-68613 的评论

暂无评论

发表评论