CVE-2025-49619 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper s…
High CVSS: 8.5

CVE-2025-49619

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).
Vendor
-
Product
-
CWE
CWE-1336
Yayın Tarihi
2025-06-07 14:15:21
Güncelleme
2025-06-17 21:15:40
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-1336 HIGH 2025

Referanslar

https://cristibtz.github.io/posts/CVE-2025-49619/ https://github.com/Skyvern-AI/skyvern/commit/db856cd8433a204c8b45979c70a4da1e119d949d https://www.exploit-db.com/exploits/52335 https://cristibtz.blog/posts/CVE-2025-49619/