CVE-2025-49619

Name of the Vulnerable Software and Affected Versions Skyvern versions 0.1.0 through 0.1.85

Description The issue is related to a Jinja runtime leak in the sdk/workflow/models/block.py file. This leak can potentially be exploited, although specific details about real-world incidents or the estimated number of affected devices are not provided. The leak is due to improper neutralization of special elements used in a template engine, which is classified as CWE-1336.

Recommendations For Skyvern versions 0.1.0 through 0.1.85, consider disabling or restricting access to the sdk/workflow/models/block.py file as a temporary workaround until a patch is available. Additionally, avoid using any potentially vulnerable functions or parameters within this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.