đ¨ n8n Expression Injection RCE CVE-2025-68613
What is n8n?
n8n is a visual workflow automation platform that connects different apps, services, and AI models so they can talk to each other. It acts as a digital assistant to automate boring, repetitive tasks without requiring you to write everything from scratch.
Versions 0.211.0 through 1.120.3 contain a critical Remote Code Execution (RCE) vulnerability within the workflow expression evaluation system. If exploited, this flaw enables an authenticated attacker to execute system-level commands, potentially leading to data breaches, service disruptions, or full system compromise, all with the privileges assigned to the n8n process.
How does n8n work exactly?
It is built on Node.js, using JavaScript for platform internals and user workflow logic. Its architecture includes:
- Workflow Execution Engine: The core computational component responsible for orchestrating node-based workflow execution
- Expression Evaluation System: Processes dynamic expressions wrapped in double curly bracesÂ
{{ }}Â that are evaluated as JavaScript code during workflow execution - Code Nodes: Allow users to write custom JavaScript or Python code as workflow steps, extending platform capabilities
- 400+ Native Integrations: Pre-built connectors to various APIs and services that form the nodes in workflows
Weakness in the Express Evaluation System
The vulnerability exists in the Express Evaluation system that n8n uses. Any authenticated user had the ability to execute expressions during workflow configuration in an insecure execution environment.
Expression Injection vulnerability is the core flaw here in the n8n system where authenticated users could execute arbitrary javascript code under the privileges of an official n8n process.
In short,
- n8n processed expression inside
{{ }}brackets without proper sandbox environment or input validation. - Expression evaluator lacked proper context isolation allowing expressions to escape the evaluation sandbox.
- Authentication of users did not really help in avoiding this exploit as any authenticated user could use arbitrary Javascript code / expressions to take advantage of this vulnerability.
The Exploit
Let us consider a payload by wioui
function () {
return this.process.mainModule.require('child_process')
.execSync('id').toString()
}
The payload uses a function in which a return is executed. Within the evaluation context, n8n will try to execute the function starting with whatever is written within the return statement.
In our case, its the this global object. Let us dissect the above payload so it becomes easier to understand what is exactly happening ,
this.process.mainModule
thisis a global object in the Node.js execution context.processis another global object within the Node.js execution that provides access to system level processes.mainModuleis a call to the root module of the Node.js application
This code tries to bypass regular javascript sandbox restriction by accessing Node.js application internals (root modules). This is typically not allowed to executed under regular user expressions.
require('child_process')
- Once we get access to .mainModule, the next goal is to try to execute system commands.
- In Node.js, the
require()function is the module loading function. Inside that function,child_processis core Node.js module to allow us to execute system commands. child_processis very dangerous module that should never be allowed for user expressions.
.execSync('pwd').toString()
- Now we can simply use .
execSync()to execute system commands. For example, we can inputâidâto see user identity information or use âpwdâ to see the present working directory. - the
toString()simply coverts buffer output from.execSync()to a string format for us to read.
Steps to perform the Exploit
Let us now perform this exploit using tryHackMeâs virtual attacker and target VMâs.
Weâll log into n8n on the attacker machine using the target machines ip address (Technically any authenticated user can perform this on any device)

After logging in, we see the n8n workflow space and area. Click on the âAdd first step..â to add a trigger.

Now search for âManual Triggerâ. This trigger will allow us to manually set the field.


Now click on the â+â sign as shown in the image above. Search for âEdit fields (Set)â to allow us to edits fields as needed.

Now make sure, the mode is set to âManual Mapping. Now this is where the actual exploit takes place. Click on âAdd Fieldâ and name it anything you want. Here I have named it âExploitâ and in the value field just below, paste the payload from wioui as seen above.
Now before clicking on âExecute Stepâ, make sure inside the execSync() function, youâve typed in a system command youâd like to run. In my case, Iâve left is as id. Finally click on âExecute Stepâ


That is it. That is all it takes to successfully perform the exploit. As soon as it executes the step, we can see that our system command (id and pwd) has been executed successfully.
How to detect the Expression Injection Remote Code Execution
Let us discuss on we can configure a SIEM to detect Expression Injection Remote Code Execution (CVE-2025-68613)
1. nginx log method
Below you can see a sample configuration for nginx to log body content with 'Request-Body: "$request_body" '.
http {
# Load Lua module
lua_package_path "/etc/nginx/lua/?.lua;;";
# Custom log format
log_format detailed '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'Request-Body: "$request_body" '
'Content-Type: "$http_content_type" '
'Duration: $request_time s';
# ... rest of http block ...
The key idea is that the malicious payload is usually delivered in the HTTP request body. Logging the request body gives defenders visibility into what was actually submitted to the application, making it much easier to detect attempted exploitation
Normally, nginx access logs record things like:
- Client IP
- URL
- HTTP method
- Response status
- User-Agent
They do not include the POST body by default. With this configuration, a request like the one below would have the JSON payload written into the access log.
POST /rest/workflows HTTP/1.1
Content-Type: application/json
{
"name":"test",
"nodes":[...]
}
Vulnerable versions of n8n allowed workflow definitions using JSON. An attacker could perform expression injection RCE using JSON as workflow definition.
{
"parameters": {
"value": "={{ malicious_expression }}"
}
}
Via the the custom nginx log rule, we can detect such RCE attempts and identify the payload right at the beginning using a proxy.
2. Sigma Rule
đĄ What is a Sigma Rule?
â Sigma Rules are YAML-written textual signatures designed to identify suspicious activity potentially related to cyber threat anomalies in log events. One of the main advantages of these rules is their standardized format that permits writing the rule once and applying it across various SIEM products without needing to rewrite the rule.
The main focus of Sigma rules is to detect log events matching criteria established by the SoC engineer. This is especially useful for creating Incident Response detection or automated responses.
Below is sigma rule provided by the TryHackMe content engineering team,
title: N8N Workflow RCE Attempt
status: experimental
description: Detects attempts to inject JavaScript expressions into n8n workflow
payloads that execute OS commands via
"this.process.mainModule.require('child_process').execSync(...)""
author: TryHackMe Content Engineering Team
references:
- <https://github.com/wioui/n8n-CVE-2025-68613-exploit>
date: 2025-12-23
tags:
- attack.execution
- attack.t1059.007
logsource:
category: webserver
product: generic
detection:
selection:
cs-method: POST
cs-uri-stem|endswith: /rest/workflows
keywords:
# Strong indicators of this n8n expression injection RCE
- "this.process.mainModule.require('child_process')"
- ".execSync("
- "={{ (function(){"
- "toString() })()"
condition: selection and all of keywords
falsepositives:
- Security testing / red team simulations
- Developers storing these exact strings in logged fields
level: high
In summary, this Sigma rule does:
- Select only requests to theÂ
/rest/workflows URI path with the methodÂPOST. - Search for keywords in the body content related to the CVE-2025-68613 exploitation.
It also important to make sure monitoring takes place after the attacker performs the exploitation.
This is critical, since an attacker who only has a valid n8n credentials can fully abuse this RCE to carry out a wide range of malicious actions, such as:
- Establishing a reverse shell to gain interactive access to the system.
- Downloading and executing malicious payloads to maintain persistence or escalate impact.
- Running reconnaissance commands to enumerate the environment hosting the n8n application.
Conclusion
Today we talked about CVE-2025-68613 (n8n Expression Injection RCE) and discussed how a simple payload can exploit the application design flaws in n8n. It highlights the importance of not just input validation but making sure user inputed code stays within the intended application runtime and sandbox environment.
Sources
Payload Script by wioui
VM's and nginx / sigma rule scripts by TryHackMe Content Engineering Team