I Exploited n8n vulnerability CVE:2025–68316 tryhackme walkthrough

CVE-2025–68613 is a critical vulnerability in n8n, an open-source workflow automation platform, with a CVSS score of 9.9. This…

Mainekhacker

~2 min read · December 26, 2025 (Updated: December 26, 2025) · Free: Yes

CVE-2025–68613 is a critical vulnerability in n8n, an open-source workflow automation platform, with a CVSS score of 9.9. This vulnerability was disclosed on December 19, 2025.

This is easy Tryhackme walkthrough to solve and understand exploit of n8n CVE : 2025 68316

What is n8n?

n8n allows users to automate tasks by visually connecting applications through workflows made up of nodes. Each node performs an action, such as API requests or data processing. It is commonly used for automation in operational tasks and integrating various services.

Deployment Configurations

n8n can be deployed in three primary ways:

Self-hosted instances: Organizations run n8n on their own infrastructure for data control.
Cloud-hosted (n8n.cloud): A managed service utilizing shared infrastructure.
Internal automation tools: Deployed within corporate networks to automate business processes.

Vulnerability Details

The vulnerability exists in versions 0.211.0 to 1.120.3 within the workflow expression evaluation system, allowing Remote Code Execution (RCE). This means an authenticated attacker could execute system-level commands, potentially causing data breaches or service disruptions under the n8n process's privileges.

Mitigation

This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0, and it is crucial for users to update to one of these patched versions to secure their systems.

Discussion Points

In this session, we will cover the technical aspects, demonstrate exploitation via a web browser, and explore detection strategies related to this vulnerability.

Overview of n8n and Its Vulnerability

n8n is an automation platform built on Node.js that allows users to create workflows using JavaScript. It includes several key components:

Key Components of n8n

Workflow Execution Engine: Manages the execution of node-based workflows.
Expression Evaluation System: Executes dynamic expressions written in JavaScript during workflow execution.
Code Nodes: Allow custom JavaScript or Python code for extended functionality.
400+ Native Integrations: Pre-built connections to various APIs used as nodes in workflows.

Exploit Details

The vulnerability in n8n lies in its expression evaluation system, allowing authenticated users to inject malicious JavaScript due to insufficient sandboxing. The core issue is an expression injection flaw that enables attackers to run arbitrary JavaScript with the same privileges as the n8n process.

How the Exploit Works

Expression Handling: n8n evaluates user inputs within double-curly braces ({{ }}) as JavaScript code without proper validation.
Context Escalation:

The exploit leverages the this keyword to access the global Node.js object.

#tryhackme-walkthrough #cybersecurity #cve #n8n #tryhackme-writeup