CVE-2025-49619

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-49619
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-49619.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-49619
Aliases
Published
2025-06-07T14:15:21Z
Modified
2025-06-17T22:48:53.779929Z
Summary
[none]
Details

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).

References

Affected packages

Git / github.com/skyvern-ai/skyvern

Affected ranges

Type
GIT
Repo
https://github.com/skyvern-ai/skyvern
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.1
0.1.2

v0.*

v0.1.10
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.34
v0.1.35
v0.1.36
v0.1.37
v0.1.38
v0.1.39
v0.1.4
v0.1.40
v0.1.41
v0.1.42
v0.1.43
v0.1.44
v0.1.45
v0.1.46
v0.1.47
v0.1.48
v0.1.49
v0.1.5
v0.1.50
v0.1.51
v0.1.52
v0.1.53
v0.1.54
v0.1.55
v0.1.56
v0.1.57
v0.1.58
v0.1.59
v0.1.6
v0.1.60
v0.1.61
v0.1.62
v0.1.63
v0.1.64
v0.1.65
v0.1.66
v0.1.67
v0.1.68
v0.1.7
v0.1.71
v0.1.73
v0.1.75
v0.1.76
v0.1.77
v0.1.79
v0.1.8
v0.1.80
v0.1.81
v0.1.82
v0.1.83
v0.1.84
v0.1.85
v0.1.9