6 matches found
Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Exploit Title: Skyvern 0.1.85 - Remote Code Execution RCE via SSTI Date: 2025-06-15 Exploit Author: Cristian Branet Vendor Homepage: https://www.skyvern.com/ Software Link: https://github.com/Skyvern-AI/skyvern Version: Settings - API Key - Reveal and copy the API key" parser.addargument"-i",...
Exploit for CVE-2025-49619
CVE-2025-49619 PoC --- This script exploits CVE-2025-49619...
CVE-2025-49619
creationtimestamp| type| source ---|---|--- 2025-06-07 14:30:39+00:00| published-proof-of-concept| Telegram/YSJhdJjMlrABiHF1mC9tmQTTaLYxNBOL8QpiCjaALoLvyOE 2025-06-07 16:58:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqzszxvl7m2c 2025-06-15 08:14:08+00:00|...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
CVE-2025-49619
Skyvern is affected by a server-side template injection (SSTI) in the Prompt field of workflow blocks (notably Navigation v2). The root cause is improper sanitization of Jinja2 input, allowing an authenticated user to inject expressions that are evaluated server-side, leading to blind remote code...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection SSTI in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...