-/10CrowdSec Score
Skyvern - RCE (CVE-2025-49619)
Published on07-06-2025
First seen on01-01-1970
CVSS 8.5/10Skyvern - Skyvern
0Exploiting IPs reported
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.