CVE-2025-49619
Published: 07 June 2025
Summary
CVE-2025-49619 is a high-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in GitHub (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, it is ranked in the top 1.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Skyvern through version 0.1.85 contains a server-side template injection vulnerability in the Prompt field of workflow blocks such as the Navigation v2 Block. The flaw stems from insufficient sanitization of Jinja2 template expressions supplied by users, which are then evaluated on the server and can result in blind remote code execution.
Authenticated users with access to workflow configuration can supply crafted template expressions to achieve code execution on the server. The CVSS 8.5 rating reflects network attack vector, low attack complexity, and low privileges required, with impacts primarily on confidentiality and limited integrity.
A patch addressing the issue is referenced in the Skyvern commit db856cd8433a204c8b45979c70a4da1e119d949d. Public exploit code is also available via Exploit-DB entry 52335, and detailed analysis appears in the linked technical write-ups. The EPSS score has remained at 0.7354 without a material increase after disclosure.
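The pattern described above, shown as an added example rather than Skyvern's own code: a server that compiles user-supplied prompt text as a Jinja2 template evaluates whatever expressions it contains, whereas a fixed developer-controlled template that receives the prompt as a plain variable leaves it inert. The function names, the sample prompt and the workflow variables are constructed for this illustration; it assumes the jinja2 package is installed.

```python
"""Weak vs. hardened handling of a user-supplied workflow "Prompt" field.

Constructed example for the SSTI class behind CVE-2025-49619; it is not
Skyvern's code. Assumes the jinja2 package is installed.
"""
from jinja2 import Environment, StrictUndefined
from jinja2.sandbox import ImmutableSandboxedEnvironment

# Constructed user input: a prompt that happens to contain a Jinja2 expression.
USER_PROMPT = "Open the settings page. {{ 7 * 7 }}"

# Constructed variables the application legitimately exposes to its templates.
WORKFLOW_VARS = {"url": "https://example.invalid/settings"}


def render_vulnerable(prompt: str, variables: dict) -> str:
    """Weak pattern: the user's text itself is compiled as a server-side template,
    so any {{ ... }} the user wrote is evaluated with the server's privileges."""
    return Environment().from_string(prompt).render(**variables)


def render_as_data(prompt: str, variables: dict) -> str:
    """Hardened pattern: only a developer-controlled template string is compiled;
    the prompt is passed in as data and its braces are never interpreted.
    The sandboxed environment and StrictUndefined are defence in depth in case
    a template is ever built from less trusted input."""
    env = ImmutableSandboxedEnvironment(undefined=StrictUndefined, autoescape=True)
    template = env.from_string("Task for {{ url }}: {{ prompt }}")
    return template.render(prompt=prompt, **variables)


def contains_template_syntax(prompt: str) -> bool:
    """Cheap detection hook: flag prompts carrying Jinja2 delimiters so they can
    be logged or sent for review before a workflow is saved."""
    return any(token in prompt for token in ("{{", "{%", "{#"))


if __name__ == "__main__":
    print("vulnerable :", render_vulnerable(USER_PROMPT, WORKFLOW_VARS))
    print("hardened   :", render_as_data(USER_PROMPT, WORKFLOW_VARS))
    print("flagged    :", contains_template_syntax(USER_PROMPT))
```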
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-17375
Vulnerability details
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.