¡¾¸´ÏÖ¡¿n8n±í´ïʽעÈë¿Éµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐЩ¶´£¨CVE-2025-68613£©
·¢²¼Ê±¼ä 2026-01-13n8nÊÇÒ»¸ö¿ªÔ´µÄ¹¤×÷Á÷³Ì×Ô¶¯»¯Æ½Ì¨£¬Ö¼ÔÚ¿ÉÊÓ»¯Á¬½ÓÓ¦ÓóÌÐòºÍ·þÎñ£¬ÊµÏÖÈÎÎñ×Ô¶¯»¯£¬²¢¼¯³É°²È«¹¤¾ßºÍSaaSƽ̨¡£Æä»ùÓÚNode.js¹¹½¨£¬Ê¹ÓÃJavaScript×÷Ϊƽ̨ÄÚ²¿½á¹¹ºÍÓû§¹¤×÷Á÷³ÌÂß¼¡£
2025Äê12ÔÂ20ÈÕn8n·¢²¼¸üУ¬ÐÞ¸´ÁËn8nÖÐͨ¹ý±í´ïʽעÈëµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐЩ¶´£¨CVE-2025-68613£©,CVSSÆÀ·Ö9.9·Ö£¨ÑÏÖØ£©¡£ÎÊÌâ³öÔÚ¹¤×÷Á÷³ÌÖеıí´ïʽÆÀ¹Àϵͳ¡£ÔÚijЩÇé¿öÏ£¬¾¹ýÉí·ÝÑéÖ¤µÄÓû§ÊäÈëµÄ±í´ïʽ¿ÉÒÔÔÚÓëµ×²ãÔËÐÐʱ¸ôÀë²»×ãµÄÉÏÏÂÎÄÖÐÖ´ÐУ¬ÕâÔÊÐíʹÓÃn8n½ø³ÌµÄȨÏÞÖ´ÐÐÈÎÒâ´úÂ롣ʵ¼ÊÉÏ£¬³É¹¦ÀûÓÿÉÄܵ¼Ö£º
? ÍêÈ«¿ØÖÆÊµÀý
? ·ÃÎÊÃØÃÜ£¨ÁîÅÆ¡¢Æ¾¾Ý¡¢API ÃÜÔ¿£©
? ³Ö¾ÃÐ޸Ť×÷Á÷³Ì
? ÔÚϵͳ¼¶±ðÖ´ÐÐÃüÁî
? ½« n8n ÓÃ×÷ÍøÂçÖеÄÊàŦµã
¸ù¾Ý¹¥»÷Ãæ¹ÜÀíÆ½Ì¨CensysµÄÊý¾Ý£¬½ØÖÁ2025Äê12ÔÂ22ÈÕ£¬»¥ÁªÍøÉÏ´æÔÚ103,476¸öDZÔÚµÄÒ×Êܹ¥»÷n8nʵÀý¡£ÓÉÓÚ¸ÅÄîÑé֤©¶´ÀûÓóÌÐòÒѾ·¢²¼£¬²¢ÇҸé¶´ÒÑÔÚ»¥ÁªÍøÉϹ㷺´«²¥£¬Ó°Ï췶Χ½Ï´ó£¬ÌáÐÑÏà¹ØÓû§×öºÃÉý¼¶·À»¤¹¤×÷¡£
©¶´ÃèÊö
ÔÚn8nµÄ¹¤×÷Á÷±í´ïʽÆÀ¹ÀϵͳÖУ¬¸ÃϵͳÔÚ¹¤×÷Á÷ÅäÖÃÖÐÓÉÈÏÖ¤Óû§ÌṩµÄ±í´ïʽÔÚ²»°²È«µÄÖ´Ðл·¾³Öб»ÆÀ¹À¡£ºËÐݲȫ©¶´ÊÇÒ»¸ö±í´ïʽעÈë©¶´£¬Ê¹¾¹ýÈÏÖ¤µÄ¹¥»÷ÕßÄܹ»ÒÔn8n½ø³ÌµÄȨÏÞÖ´ÐÐÈÎÒâJavaScript´úÂë¡£¾ßÌåÀ´Ëµ£º
? n8n´¦ÀíÓÃË«´óÀ¨ºÅ{{ }}°ü¹üµÄÓû§ÊäÈ룬×÷ΪJavaScript´úÂ룬ÇÒûÓÐ×ã¹»µÄɳºÐ»òÊäÈëÑéÖ¤¡£
? ±í´ïʽÇóÖµÆ÷ȱ·¦Êʵ±µÄÉÏÏÂÎĸôÀ룬ʹ¹¥»÷ÕßÄܹ»ÌÓÀëÔ¤ÆÚµÄÆÀ¹ÀɳºÐ¡£
? ÈÏÖ¤¶Ô¸Ã©¶´Ã»ÓÐʵÖÊÐԵı£»¤£¬Èκξ¹ýÈÏÖ¤µÄÓû§¶¼¿ÉÒÔÀûÓÃËü¡£
n8n¹Ù·½ÃèÊöΪ£ºn8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
Ó°Ï췶Χ
? 0.211.0 <= n8n < 1.120.4
? n8n 1.121.0
©¶´ÔÀí
¸Ã°æ±¾´úÂëÖдæÔÚ¶à´¦°²È«ÎÊÌ⣺
£¨1£©Â©¶´¸ùÔ´expression.tsÎļþÖеÄresolveSimpleParameterValueº¯ÊýÖдæÔڵݲȫÎÊÌâÈçÏ£º
? ´úÂ뽫process¶ÔÏó±©Â¶¸øÁ˱í´ïʽÇóÖµµÄdataÉÏÏÂÎÄ¡£
? ËäȻֻ±©Â¶Á˲¿·ÖÊôÐÔ£¬µ«Õâ¸ödata.processÒýÓõÄÊÇʵ¼ÊµÄ Node.js process ¶ÔÏó¡£
? ¹¥»÷Õß¿ÉÒÔͨ¹ýthis.process.mainModule.require()ÈÆ¹ýɳÏäÏÞÖÆ·ÃÎÊÍêÕûµÄ process ¶ÔÏó¡£

£¨2£©±í´ïʽÇóÖµÈë¿Úexpression-evaluator-proxy.tsÎļþÖдæÔڵݲȫÎÊÌâÈçÏ£º
? ʹÓÃTournament¿â×÷ΪɳÏä»·¾³¡£
? Ö»ÓÐafter½×¶ÎµÄPrototypeSanitizerºÍDollarSignValidator¹ýÂËÆ÷¡£
? ûÓÐÓÐЧ×èֹͨ¹ýthis¹Ø¼ü×Ö·ÃÎÊÖ´ÐÐÉÏÏÂÎÄ¡£

£¨3£©É³Ïä³õʼ»¯µÄexpression.tsÎļþÖеÄinitializeGlobalContextº¯ÊýÖдæÔڵݲȫÎÊÌâÈçÏ£º
? Ö»×èÖ¹ÁËÖ±½Óµ÷ÓÃeval¡¢FunctionµÈ¡£
? ûÓÐ×èֹͨ¹ýprocess.mainModule.require()·ÃÎÊNode.jsÄ£¿é¡£

©¶´¸´ÏÖ

¿ÉÒÔ¿´¼ûÃüÁîÖ´ÐеĽá¹ûÔÚÓұߡ£Â©¶´´¥·¢ºó£¬Ö´ÐÐÁËϵͳÃüÁ»ñÈ¡µ½ÁËidµÄÖµ¡£
°²È«½¨Òé
Á¢¼´Éý¼¶£º
? n8n¹Ù·½ÒÑ·¢²¼ÐÞ¸´°æ±¾n8n v1.122.0£¬Ç¿ÁÒ½¨ÒéÓû§Éý¼¶µ½1.122.0»ò¸ü¸ß°æ±¾¡£
ÁÙʱ»º½â´ëÊ©£º
? ÏÞÖÆ¹¤×÷Á÷´´½¨ºÍ±à¼È¨ÏÞ½öÏÞÓÚÍêÈ«ÐÅÈεÄÓû§¡£
? ½«n8n²¿ÊðÔÚ¾ßÓÐÊÜÏÞ²Ù×÷ϵͳȨÏÞºÍÍøÂç·ÃÎÊȨÏÞµÄÇ¿»¯»·¾³ÖУ¬ÒÔ¼õÉÙDZÔÚ©¶´ÀûÓõÄÓ°Ïì¡£
[1]https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
mansion88Ã÷Éý»ý¼«·ÀÓùʵÑéÊÒ£¨ADLab£©
ADLab³ÉÁ¢ÓÚ1999Ä꣬ÊÇÖйú°²È«ÐÐÒµ×îÔç³ÉÁ¢µÄ¹¥·À¼¼ÊõÑо¿ÊµÑéÊÒÖ®Ò»£¬Î¢ÈíMAPP¼Æ»®ºËÐijÉÔ±£¬¡°ºÚȸ¹¥»÷¡±¸ÅÄîÊ×ÍÆÕß¡£½ØÖÁĿǰ£¬ADLabÒÑͨ¹ý CNVD/CNNVD/NVDB/CVEÀۼƷ¢²¼°²È«Â©¶´7000Óà¸ö£¬³ÖÐø±£³Ö¹ú¼ÊÍøÂ簲ȫÁìÓòÒ»Á÷Ë®×¼¡£ÊµÑéÊÒÑо¿·½Ïòº¸Ç»ù´¡°²È«Ñо¿¡¢ÔËÓªÉÌ»ù´¡ÍøÂçÉèÊ©°²È«Ñо¿¡¢Òƶ¯Öն˰²È«Ñо¿¡¢Ôư²È«Ñо¿¡¢ÐÅ´´°²È«Ñо¿¡¢ÎïÁªÍø°²È«Ñо¿¡¢³µÁªÍø°²È«Ñо¿¡¢¹¤¿Ø°²È«Ñо¿¡¢ÎÞÏß°²È«Ñо¿¡¢Êý¾Ý°²È«Ñо¿¡¢AI°²È«Ñо¿¡¢µÍ¿Õ°²È«Ñо¿¡¢¸ß¼¶ÍþвÑо¿¡¢¹¥·ÀÌåϵ½¨Éè¡£Ñо¿³É¹ûÓ¦ÓÃÓÚ²úÆ·ºËÐļ¼ÊõÑо¿¡¢¹ú¼ÒÖØµã¿Æ¼¼ÏîÄ¿¹¥¹Ø¡¢×¨Òµ°²È«·þÎñµÈ¡£



¾©¹«Íø°²±¸11010802024551ºÅ