n8n: CVE-2025–68613 | TryHackMe Write-Up
Summary: A critical vulnerability, CVE-2025–68613 (CVSS 9.9), was found in the n8n platform. It is a remote code execution (RCE) flaw affecting versions 0.211.0 through 1.120.3. Attackers can inject malicious JS code to execute system commands. Updating to a safe version (such as 1.120.4) is recommended to fix the vulnerability.

2026-2-13 07:6:39 Author: infosecwriteups.com (view original)

Mochammad Farros Fatchur Roji


Here I want to share my write-up for the room n8n: CVE-2025–68613, where you learn how adversaries can exploit the CVE-2025–68613 vulnerability in n8n. I hope it is useful for learning about cybersecurity.


credit: TryHackMe

Task 1: Introduction

CVE-2025–68613 is a critical vulnerability (CVSS 9.9) in the n8n workflow automation platform, published in December 2025. This vulnerability is a Remote Code Execution (RCE) flaw found in the workflow expression evaluation system, affecting versions 0.211.0 through 1.120.3. It allows authenticated attackers to execute system-level commands by injecting malicious JavaScript code. Users are strongly advised to update to patched versions (1.120.4, 1.121.1, or 1.122.0) to secure their instances.

Let’s dive into the technical details.

No answer needed

Task 2: Technical Background

n8n is built on Node.js and uses an Expression Evaluation System to process dynamic user input wrapped in {{ }}. The vulnerability exists because this system lacks proper sandboxing. An attacker can escape the intended context by using the JavaScript this keyword to access the global Node.js object. The exploit chain typically involves accessing…
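A defender-side check that follows from the paragraph above, as an added example that is not part of the original write-up or n8n's own code: it scans an exported workflow for {{ }} expressions that reference this, so they can be reviewed on instances still running an affected version. The workflow shape (nodes[].name, nodes[].parameters) and the sample data are assumptions constructed for illustration.

```javascript
// Added example: audit an exported n8n workflow for {{ }} expressions that use `this`.
// Assumption: the export is an object with nodes[].name and nodes[].parameters.

const EXPRESSION = /\{\{([\s\S]*?)\}\}/g;

// Blank out '...' and "..." literals so the word "this" in ordinary text is not flagged.
// Template literals are left alone on purpose, because they can embed code via ${...}.
function stripStringLiterals(code) {
  return code.replace(/'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"/g, '""');
}

// Recursively visit every string value under `value`, tracking the key path to it.
function* walkStrings(value, path = []) {
  if (typeof value === 'string') {
    yield { path, text: value };
  } else if (value && typeof value === 'object') {
    for (const [key, child] of Object.entries(value)) {
      yield* walkStrings(child, path.concat(key));
    }
  }
}

// Return one finding per {{ }} expression whose code references the `this` keyword.
function findThisExpressions(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    for (const { path, text } of walkStrings(node.parameters)) {
      for (const match of text.matchAll(EXPRESSION)) {
        if (/\bthis\b/.test(stripStringLiterals(match[1]))) {
          findings.push({ node: node.name, field: path.join('.'), expression: match[0] });
        }
      }
    }
  }
  return findings;
}

// Constructed sample workflow: two ordinary expressions and one that touches `this`.
const sampleWorkflow = {
  nodes: [
    { name: 'Greeting', parameters: { text: '={{ "this is fine, " + $json.name }}' } },
    { name: 'Set Total', parameters: { values: { number: [{ value: '={{ $json.price * 2 }}' }] } } },
    { name: 'Review Me', parameters: { options: { note: '={{ typeof this }}' } } },
  ],
};

console.log(findThisExpressions(sampleWorkflow));
```

A finding is a prompt for manual review, not proof of abuse; upgrading to one of the patched versions listed in Task 1 remains the fix.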


Article source: https://infosecwriteups.com/n8n-cve-2025-68613-tryhackme-write-up-11906959fa5c?source=rss----7b722bfd1b8d---4