CVE-2025-49619 · HIGH 8.5 · EPSS p95.9%


Description

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).

Scoring

CVSS 3.1: 8.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
EPSS: 13.45% probability of exploitation · percentile 95.9% · 2026-06-18T12:00:27Z
Published: 2025-06-07
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-1336

References

  1. https://cristibtz.github.io/posts/CVE-2025-49619/
  2. https://github.com/Skyvern-AI/skyvern/commit/db856cd8433a204c8b45979c70a4da1e119d949d
  3. https://www.exploit-db.com/exploits/52335
  4. https://cristibtz.blog/posts/CVE-2025-49619/


Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements Used in a Template Engine (cwe-1336) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-14700
  2. CVE-2025-1040
  3. CVE-2025-54815
  4. CVE-2026-4789
  5. CVE-2026-1470
  6. CVE-2025-25362

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.