Lucene search
+L

6 matches found

Exploit DB
Exploit DB
added 2025/06/15 12:0 a.m.300 views

Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI

Exploit Title: Skyvern 0.1.85 - Remote Code Execution RCE via SSTI Date: 2025-06-15 Exploit Author: Cristian Branet Vendor Homepage: https://www.skyvern.com/ Software Link: https://github.com/Skyvern-AI/skyvern Version: Settings - API Key - Reveal and copy the API key" parser.addargument"-i",...

8.5CVSS8.5AI score0.13746EPSS
Exploits6
GithubExploit
GithubExploit
added 2025/06/09 10:9 a.m.249 views

Exploit for CVE-2025-49619

CVE-2025-49619 PoC --- This script exploits CVE-2025-49619...

8.5CVSS6.8AI score0.13746EPSS
Exploits6
Circl
Circl
added 2025/06/07 2:30 p.m.23 views

CVE-2025-49619

creationtimestamp| type| source ---|---|--- 2025-06-07 14:30:39+00:00| published-proof-of-concept| Telegram/YSJhdJjMlrABiHF1mC9tmQTTaLYxNBOL8QpiCjaALoLvyOE 2025-06-07 16:58:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqzszxvl7m2c 2025-06-15 08:14:08+00:00|...

8.5CVSS5.3AI score0.13746EPSS
Exploits6References7
NVD
NVD
added 2025/06/07 2:15 p.m.15 views

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

8.5CVSS0.13746EPSS
Exploits6References4
CVE
CVE
added 2025/06/07 12:0 a.m.108 views

CVE-2025-49619

Skyvern is affected by a server-side template injection (SSTI) in the Prompt field of workflow blocks (notably Navigation v2). The root cause is improper sanitization of Jinja2 input, allowing an authenticated user to inject expressions that are evaluated server-side, leading to blind remote code...

8.5CVSS8.7AI score0.13746EPSS
In wildExploits6References4
OSV
OSV
added 2025/06/07 12:0 a.m.7 views

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...

8.5CVSS8.7AI score0.13746EPSS
Exploits6References6
Rows per page
Query Builder