CVE-2025-8349
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-21
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tawk | tawk_live_chat | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored Cross-Site Scripting (XSS) issue in Tawk Live Chat. An attacker can upload a malicious PDF containing JavaScript through the chatbot. This PDF is stored and later shown to other users without proper sanitization, allowing the malicious JavaScript to run in their browsers. [1]
How can this vulnerability impact me?
The vulnerability can be exploited to steal sensitive user data such as session cookies or to perform unauthorized actions on behalf of the user, potentially compromising user accounts and data integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for malicious PDF uploads containing JavaScript payloads through the Tawk Live Chat chatbot interface. Since the vulnerability is a stored XSS via uploaded PDFs, you can inspect uploaded files for embedded JavaScript. Commands to detect suspicious PDFs could include using tools like 'pdfid' or 'pdf-parser' to analyze PDFs for JavaScript content. For example, running 'pdfid suspicious.pdf' or 'pdf-parser --search JavaScript suspicious.pdf' on uploaded files. Additionally, monitoring web server logs for unusual POST requests to the chatbot upload endpoint may help identify exploitation attempts. [1]
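One way to automate the PDF check described above, as an added example (not BaseFortify's, tawk's or pdfid's own code): a pdfid-style keyword scan over uploaded files that also decodes hex-escaped name tokens, so a file that spells `/Java#53cript` is still caught. The two sample PDFs and the `scan_upload_dir` directory layout are constructed for the example.

```python
import pathlib
import re

# PDF name tokens that mark active content (the same set pdfid reports).
SUSPECT_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")
# A PDF name token runs until whitespace or a delimiter character.
NAME_TOKEN = rb"/[^\s/<>\[\]()]+"


def normalize_names(data: bytes) -> bytes:
    """Decode #xx hex escapes inside name tokens (/Java#53cript -> /JavaScript)
    so obfuscated names are matched too; everything else is left untouched."""
    def unescape(match):
        return re.sub(rb"#([0-9A-Fa-f]{2})",
                      lambda h: bytes([int(h.group(1), 16)]), match.group(0))
    return re.sub(NAME_TOKEN, unescape, data)


def scan_pdf(data: bytes) -> dict:
    """Count suspect name tokens: /JavaScript or /JS means the file carries
    script; /OpenAction or /AA means an action fires on open or interaction."""
    text = normalize_names(data)
    counts = {}
    for name in SUSPECT_NAMES:
        # Demand a delimiter after the name so /JS does not also match /JSX.
        pattern = re.escape(name) + rb"(?![^\s/<>\[\]()])"
        counts[name.decode()] = len(re.findall(pattern, text))
    return counts


def is_suspicious(data: bytes) -> bool:
    """Flag embedded script or a launch action. /OpenAction and /AA alone are
    common in benign files (e.g. jump to a page), so they only add context."""
    counts = scan_pdf(data)
    return counts["/JavaScript"] > 0 or counts["/JS"] > 0 or counts["/Launch"] > 0


def scan_upload_dir(upload_dir: str) -> list:
    """Return (path, counts) for every .pdf under upload_dir that is flagged."""
    flagged = []
    for path in sorted(pathlib.Path(upload_dir).rglob("*.pdf")):
        data = path.read_bytes()
        if is_suspicious(data):
            flagged.append((str(path), scan_pdf(data)))
    return flagged


# Constructed samples (not files from the advisory): a bare clean skeleton and
# the same skeleton with an auto-run JavaScript action whose name is hex-escaped.
CLEAN_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
             b"2 0 obj << /Type /Pages /Count 0 >> endobj\n%%EOF\n")
SCRIPTED_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
                b"3 0 obj << /S /Java#53cript /JS (placeholder) >> endobj\n%%EOF\n")
```

Like pdfid, this only sees names stored in the clear; objects packed into compressed object streams need pdf-parser's stream decoding before the same check applies.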
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling the ability to upload PDFs through the chatbot interface until a patch or fix is available. Implement input validation and sanitization to prevent uploading files containing JavaScript payloads. Additionally, monitor and review uploaded files for malicious content and consider applying web application firewall (WAF) rules to block suspicious uploads or script execution. Inform users about the risk and encourage caution when interacting with uploaded files. [1]