CVE-2025-65098
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-30

Assigner: GitHub, Inc.

Description
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-30
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-65098
EUVD
EUVD-2026-4135
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
typebot typebot to 3.13.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE-311 The product does not encrypt sensitive or critical information before storage or transmission.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-65098 is a high-severity vulnerability in Typebot versions prior to 3.13.2 that allows attackers to steal all stored credentials from users. This happens because Typebot executes arbitrary client-side JavaScript when a user runs a malicious typebot, enabling the attacker to use the victim's authenticated session to call an API endpoint (/api/trpc/credentials.getCredentials) that returns plaintext API keys and other sensitive credentials without verifying ownership. As a result, attackers can exfiltrate OpenAI keys, Google Sheets tokens, SMTP passwords, and more by tricking users into running malicious scripts. [1]

Impact Analysis

This vulnerability can lead to significant credential theft, allowing attackers to obtain sensitive API keys and tokens such as OpenAI keys, Google Sheets tokens, and SMTP passwords. This can result in unauthorized use of services (e.g., costly OpenAI API usage), exposure of confidential company data stored in Google Sheets, and compromise of email systems via stolen SMTP credentials. Overall, it can cause financial loss, data breaches, and unauthorized access to critical resources. [1]

Detection Guidance

Detection can involve monitoring for unusual API calls to the /api/trpc/credentials.getCredentials endpoint, especially those that return plaintext credentials without proper authorization. Network monitoring tools can be used to detect outgoing requests from browsers running Typebot to attacker-controlled servers, indicating possible exfiltration. Additionally, reviewing Typebot instances for Script blocks with 'Execute on client' enabled that contain suspicious JavaScript can help identify malicious bots. Specific commands are not provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Typebot to version 3.13.2 or later, where this vulnerability is fixed. Additionally, users should avoid running untrusted typebots or Script blocks with 'Execute on client' enabled. Reviewing and revoking potentially compromised API keys (OpenAI keys, Google Sheets tokens, SMTP passwords) is also recommended to prevent unauthorized access. [1]

Compliance Impact

This vulnerability allows attackers to steal sensitive credentials such as API keys, tokens, and passwords, potentially leading to unauthorized access to personal and confidential data. Such a breach could result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information and ensuring proper access controls. The exposure of credentials and subsequent unauthorized data access may lead to significant financial and data breaches, violating these standards' requirements for confidentiality and data security. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65098. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart