20 matches found
Skyvern 0.1.84 Template Injection / Code Execution
Skyvern version 0.1.84 remote code execution proof of concept exploit that leverages a vulnerability in workflow creation functionality where user-supplied input in the prompt field is processed through the Jinja2 templating engine without proper sanitization, allowing attackers to execute arbitrary...
VulnCheck KEV: CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
Skyvern 0.1.85 Server-Side Template Injection
Proof of concept exploit that leverages a server-side template injection flaw in Skyvern versions up to 0.1.85 to launch a reverse shell...
Skyvern SSTI Remote Code Execution
This module exploits an SSTI vulnerability in Skyvern. use exploit/linux/http/skyvern_ssti_cve_2025_49619 msf exploit(skyvern_ssti_cve_2025_49619) > show targets ...targets... msf exploit(skyvern_ssti_cve_2025_49619) > set TARGET msf exploit(skyvern_ssti_cve_2025_49619) > show options ...show and set options... msf...
Skyvern 0.1.84 SSTI Remote Code Execution
This Metasploit module exploits a server-side template injection vulnerability in Skyvern versions 0.1.84 and below. The module requires an API key to deliver requests and upload the malicious workflow. This module requires Metasploit: https://metasploit.com/download Current source:...
Skyvern 0.1.85 Remote Code Execution / SSTI
Skyvern version 0.1.85 suffers from a remote code execution vulnerability via server-side template injection. Exploit Title: Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI Date: 2025-06-15 Exploit Author: Cristian Branet Vendor Homepage: https://www.skyvern.com/ Software Link:...
Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Exploit Title: Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI Date: 2025-06-15 Exploit Author: Cristian Branet Vendor Homepage: https://www.skyvern.com/ Software Link: https://github.com/Skyvern-AI/skyvern Version: Settings - API Key - Reveal and copy the API key" parser.add_argument("-i",...
Template Injection
Skyvern is vulnerable to template injection. The vulnerability is due to improper handling of Jinja templates in sdk/workflow/models/block.py, which allows unintended data to be exposed at runtime...
Exploit for CVE-2025-49619
CVE-2025-49619 PoC --- This script exploits CVE-2025-49619...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
GHSA-H92G-3XC3-WW2R Skyvern has a Jinja runtime leak
Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py...
Skyvern has a Jinja runtime leak
Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the format_block_parameter_template_from_workflow_run_context function in the block.py file. An attacker can access sensitive information by exploiting the Jinja runtime...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
CVE-2025-49619
Skyvern is affected by a server-side template injection (SSTI) in the Prompt field of workflow blocks (notably Navigation v2). The root cause is improper sanitization of Jinja2 input, allowing an authenticated user to inject expressions that are evaluated server-side, leading to blind remote code...
PT-2025-24341
Name of the Vulnerable Software and Affected Versions: Skyvern versions 0.1.0 through 0.1.85. Description: The issue is related to a Jinja runtime leak in the sdk/workflow/models/block.py file. This leak can potentially be exploited, although specific details about real-world incidents or the...
CVE-2025-49619
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to...
Ikonomos Skyvern Security Vulnerability
Ikonomos Skyvern is a software from Ikonomos, Inc. in the United States. A security vulnerability exists in Ikonomos Skyvern 0.1.85 and earlier versions, which originates from a Jinja runtime leak in sdk/workflow/models/block.py...