CVE-2025-65098
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-65098, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-22

Last updated on: 2026-01-30

Assigner: GitHub, Inc.

Description

Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-22
Last Modified
2026-01-30
Generated
2026-07-06
AI Q&A
2026-01-22
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
typebot typebot to 3.13.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-311 The product does not encrypt sensitive or critical information before storage or transmission.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-65098 is a high-severity vulnerability in Typebot versions prior to 3.13.2 that allows attackers to steal all stored credentials from users. This happens because Typebot executes arbitrary client-side JavaScript when a user runs a malicious typebot, enabling the attacker to use the victim's authenticated session to call an API endpoint (/api/trpc/credentials.getCredentials) that returns plaintext API keys and other sensitive credentials without verifying ownership. As a result, attackers can exfiltrate OpenAI keys, Google Sheets tokens, SMTP passwords, and more by tricking users into running malicious scripts. [1]

Impact Analysis

This vulnerability can lead to significant credential theft, allowing attackers to obtain sensitive API keys and tokens such as OpenAI keys, Google Sheets tokens, and SMTP passwords. This can result in unauthorized use of services (e.g., costly OpenAI API usage), exposure of confidential company data stored in Google Sheets, and compromise of email systems via stolen SMTP credentials. Overall, it can cause financial loss, data breaches, and unauthorized access to critical resources. [1]

Detection Guidance

Detection can involve monitoring for unusual API calls to the /api/trpc/credentials.getCredentials endpoint, especially those that return plaintext credentials without proper authorization. Network monitoring tools can be used to detect outgoing requests from browsers running Typebot to attacker-controlled servers, indicating possible exfiltration. Additionally, reviewing Typebot instances for Script blocks with 'Execute on client' enabled that contain suspicious JavaScript can help identify malicious bots. Specific commands are not provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Typebot to version 3.13.2 or later, where this vulnerability is fixed. Additionally, users should avoid running untrusted typebots or Script blocks with 'Execute on client' enabled. Reviewing and revoking potentially compromised API keys (OpenAI keys, Google Sheets tokens, SMTP passwords) is also recommended to prevent unauthorized access. [1]

Compliance Impact

This vulnerability allows attackers to steal sensitive credentials such as API keys, tokens, and passwords, potentially leading to unauthorized access to personal and confidential data. Such a breach could result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information and ensuring proper access controls. The exposure of credentials and subsequent unauthorized data access may lead to significant financial and data breaches, violating these standards' requirements for confidentiality and data security. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65098. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart