CVE-2025-49619

high-risk
Published 2025-06-07

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).

Do I need to act?

!
73.5% chance of exploitation in next 30 days
EPSS score — higher than 26% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
52335
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.5/10 High
NETWORK / LOW complexity

References (4)

https://cristibtz.github.io/posts/CVE-2025-49619/
https://github.com/Skyvern-AI/skyvern/commit/db856cd8433a204c8b45979c70a4da1e119...
https://www.exploit-db.com/exploits/52335
https://cristibtz.blog/posts/CVE-2025-49619/
53
/ 100
high-risk
Severity 29/34 · Critical
Exploitability 19/34 · Moderate
Exposure 5/34 · Minimal