This is a summary of the AI-generated 10-question deep analysis.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: Jinja Runtime Leak in `sdk/workflow/models/block.py`.
**Consequences**: Remote Code Execution (RCE). Attackers can execute arbitrary commands on the server.
Q2: Root Cause? (CWE/Flaw)
**Root Cause**: CWE-1336 (Improper Control of Generation of Code).
**Flaw**: Unsafe Jinja2 template rendering allows code injection via workflow blocks.
**Attacker Capabilities**: Full RCE.
**Privileges**: Can execute system commands (e.g., reverse shells).
**Data**: Potential access to server files and environment variables.
Q5: Is the exploitation threshold high? (Auth/Config)
**Threshold**: Medium.
**Auth Required**: Yes (Low Privilege).
**Config**: Requires a valid `X-API-KEY` to trigger the exploit.
Q6: Is there a public exploit? (PoC/Wild Exploitation)
**Public Exploit**: YES.
**PoC**: Available on GitHub (`cristibtz/CVE-2025-49619`) and Exploit-DB (52335).
**Type**: Reverse Shell script.
Q7: How to self-check? (Features/Scanning)
**Self-Check**: Scan for Skyvern instances on port 8000/8080.
**Verify**: Check version number against 0.1.85.
**Monitor**: Look for suspicious outbound network connections (reverse shells).