{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T07:01:35.034","vulnerabilities":[{"cve":{"id":"CVE-2025-49619","sourceIdentifier":"cve@mitre.org","published":"2025-06-07T14:15:21.573","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE)."},{"lang":"es","value":"Skyvern, hasta la versión 0.1.85, es vulnerable a server-side template injection (SSTI) en el campo Prompt de bloques de flujo de trabajo, como el bloque Navigation v2. La depuración incorrecta de la entrada de plantilla de Jinja2 permite a los usuarios autenticados inyectar expresiones manipuladas que se evalúan en el servidor, lo que provoca la ejecución remota de código (RCE) a ciegas."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://cristibtz.github.io/posts/CVE-2025-49619/","source":"cve@mitre.org"},{"url":"https://github.com/Skyvern-AI/skyvern/commit/db856cd8433a204c8b45979c70a4da1e119d949d","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/52335","source":"cve@mitre.org"},{"url":"https://cristibtz.blog/posts/CVE-2025-49619/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}