- Description: Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).
- Source: cve@mitre.org
- NVD status: Awaiting Analysis

CVSS 3.1
- Type: Secondary
- Base score: 8.5
- Impact score: 4.7
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
- Severity: HIGH
- cve@mitre.org
- CWE-1336
CVE-2025-49619 (CVSS:8.5, HIGH) is Awaiting Analysis. Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py... https://t.co/IXyrEFG4av #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
12 Jun 2025
⚠️ High severity alert: Skyvern <=0.1.85 has a Jinja runtime leak (CVE-2025-49619). Patch now! Details: https://t.co/suC94WJdPr #OffSeq #CVE202549619 #Skyvern #CyberSecurity #Vulnerability https://t.co/HVD1v87Fw6
@offseq
8 Jun 2025
CVE-2025-49619 Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py. https://t.co/S9FMSVHskt
@CVEnew
7 Jun 2025
[CVE-2025-49619: HIGH] Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py. #cve, CVE-2025-49619, #cybersecurity https://t.co/hgAPK01zIU https://t.co/RIUOBCSw9h
@CveFindCom
7 Jun 2025