
CVE-2025-49619: Skyvern has a Jinja runtime leak

CVSS Score (v3.1): 8.5

Basic Information

EPSS Score: 0.96554%
Published: 6/7/2025
Updated: 6/9/2025
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Package Name   Ecosystem   Vulnerable Versions   First Patched Version
skyvern        pip         <= 0.2.0              (not listed)

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability is a Jinja runtime leak, specifically a template injection vulnerability, in the skyvern.forge.sdk.workflow.models.block.Block.format_block_parameter_template_from_workflow_run_context function. The fixing commit db856cd8433a204c8b45979c70a4da1e119d949d replaces the jinja2.Template class, which is unsafe when compiled from untrusted template strings, with jinja2.sandbox.SandboxedEnvironment; that change identifies format_block_parameter_template_from_workflow_run_context as the location where the unsafe rendering occurred. If the potential_template variable is sourced from user input or another untrusted context, a crafted template string could abuse the Jinja2 engine. Using SandboxedEnvironment is the standard Jinja2 mitigation for this class of vulnerability.
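The before/after described above, as an added example that is not Skyvern's own code: the same untrusted parameter template is rendered with jinja2.Template (the vulnerable pattern) and with jinja2.sandbox.SandboxedEnvironment (the fix). The WorkflowParameter object, its _credential field and the sample template strings are constructed for this example.

```python
"""Vulnerable vs. hardened rendering of an untrusted Jinja2 parameter template."""
from dataclasses import dataclass

from jinja2 import StrictUndefined, Template
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


@dataclass
class WorkflowParameter:
    """Stand-in for an object held in the workflow-run context (constructed)."""
    label: str
    _credential: str = "constructed-secret-value"  # internal; must not leak


def render_unsafe(potential_template: str, context: dict) -> str:
    """Vulnerable pattern: compile an untrusted string with jinja2.Template.

    The default environment lets the template reach any attribute of the
    objects in its context, including underscore-prefixed internals.
    """
    return Template(potential_template).render(**context)


def render_sandboxed(potential_template: str, context: dict) -> str:
    """Hardened pattern: SandboxedEnvironment rejects unsafe attribute access.

    StrictUndefined turns the sandbox's 'unsafe' placeholder into a raised
    SecurityError instead of a silently empty string, so the caller sees
    (and can log) the blocked access.
    """
    env = SandboxedEnvironment(undefined=StrictUndefined)
    return env.from_string(potential_template).render(**context)


def compare(potential_template: str) -> dict:
    """Render one template both ways and report each outcome."""
    ctx = {"param": WorkflowParameter(label="login form")}
    out = {"unsafe": render_unsafe(potential_template, ctx)}
    try:
        out["sandboxed"] = render_sandboxed(potential_template, ctx)
    except SecurityError as exc:
        out["sandboxed"] = f"blocked: {type(exc).__name__}"
    return out


if __name__ == "__main__":
    # A benign parameter template renders identically under both engines.
    print(compare("Filling {{ param.label }}"))
    # A template reaching into a private attribute leaks it through
    # jinja2.Template but is refused by the sandbox.
    print(compare("{{ param._credential }}"))
```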


WAF Protection Rules

WAF Rule

Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py.
