CVE-2025-65098 - Vulnerability Details - OpenCVE

Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-4xc5-wfwc-jw47

History

Thu, 22 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.
Title		Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass
Weaknesses		CWE-200 CWE-284 CWE-311 CWE-522 CWE-639 CWE-79 CWE-862
References		https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-4xc5-wfwc-jw47
Metrics		cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-01-22T14:59:20.488Z

Updated: 2026-01-22T16:25:45.772Z

Reserved: 2025-11-17T20:55:34.692Z

Link: CVE-2025-65098

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-22T15:16:48.370

Modified: 2026-01-22T15:16:48.370

Link: CVE-2025-65098

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-65098", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-11-17T20:55:34.692Z", "datePublished": "2026-01-22T14:59:20.488Z", "dateUpdated": "2026-01-22T16:25:45.772Z"}, "containers": {"cna": {"title": "Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-311", "lang": "en", "description": "CWE-311: Missing Encryption of Sensitive Data", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-522", "lang": "en", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-4xc5-wfwc-jw47", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-4xc5-wfwc-jw47"}], "affected": [{"vendor": "baptisteArno", "product": "typebot.io", "versions": [{"version": "< 3.13.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-22T14:59:20.488Z"}, "descriptions": [{"lang": "en", "value": "Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking \"Run\", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue."}], "source": {"advisory": "GHSA-4xc5-wfwc-jw47", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-4xc5-wfwc-jw47", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-22T16:25:42.669751Z", "id": "CVE-2025-65098", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T16:25:45.772Z"}}]}}