CVE Reports

Posted on • Originally published at cvereports.com

CVE-2025-65098: Typebot IDOR & XSS: Automating the Theft of Your Own API Keys

Vulnerability ID: CVE-2025-65098
CVSS Score: 7.4
Published: 2026-01-22

A critical chain of vulnerabilities in Typebot allows attackers to craft malicious bot templates that, when previewed by a victim, execute arbitrary JavaScript to harvest and exfiltrate all stored secrets (OpenAI keys, SMTP passwords, etc.) via a backend IDOR.

TL;DR

Typebot's "Execute on Client" feature allowed unsandboxed JavaScript execution. Combined with a backend authorization flaw (IDOR) in the credentials.getCredentials endpoint, this allows anyone who can convince a Typebot admin to preview a malicious template to instantly steal every API key and secret stored in that Typebot instance.


⚠️ Exploit Status: POC

Technical Details

  • Attack Vector: Network (N)
  • Complexity: Low (L)
  • Privileges Required: None (N) - Social Engineering
  • User Interaction: Required (R) - Victim must preview/run bot
  • CVSS v3.1: 7.4 (High)
  • CWE ID: CWE-639 (Authorization Bypass)
  • Exploit Status: PoC Available

Affected Systems

  • Typebot Self-Hosted < 3.13.2
  • Typebot Cloud (Patched)
  • Typebot: < 3.13.2 (Fixed in: 3.13.2)

Code Analysis

Commit: a68f0c9

fix: security sandbox for client-side scripts

const safeFetch = async (input, init) => { ... credentials: 'omit' ... }
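The fix commit is shown above only as a fragment around a `safeFetch` wrapper that sets `credentials: 'omit'`. As an added illustration (not Typebot's code), here is how a fetch wrapper handed to untrusted client-side scripts can strip ambient credentials and refuse requests outside an allowlist of origins, so a script previewed in an admin's browser cannot reuse that admin's session against the app's own backend. The names `makeSafeInit`, `isAllowedTarget`, `createSafeFetch` and the `ALLOWED_ORIGINS` list are assumptions for this example.

```javascript
// Added example: a credential-stripping fetch wrapper for scripts that run
// inside a user's browser session but were authored by an untrusted party.
// Not Typebot's implementation; names and the allowlist are assumptions.

// Hypothetical allowlist of origins an embedded script may contact.
const ALLOWED_ORIGINS = new Set(['https://api.example.com']);

// Request headers that carry ambient authority and must never be forwarded.
const SENSITIVE_HEADERS = ['authorization', 'cookie', 'x-api-key'];

// Return a copy of `init` that can never reuse the caller's session:
// cookies are omitted and any explicit credential headers are dropped.
function makeSafeInit(init = {}) {
  const headers = new Headers(init.headers || {});
  for (const name of SENSITIVE_HEADERS) headers.delete(name);
  return { ...init, headers, credentials: 'omit' };
}

// True only when `input` resolves to an allowlisted origin. Relative URLs
// (which would otherwise hit the app's own backend) are resolved against a
// dummy base so they can never match the allowlist.
function isAllowedTarget(input, allowlist = ALLOWED_ORIGINS) {
  let url;
  try {
    const raw = typeof input === 'string' ? input : input.url;
    url = new URL(raw, 'https://invalid.invalid');
  } catch {
    return false;
  }
  return allowlist.has(url.origin);
}

// Build the fetch the untrusted script receives instead of the real one.
// `realFetch` is injectable so the wrapper can be exercised without a network.
function createSafeFetch(realFetch = globalThis.fetch, allowlist = ALLOWED_ORIGINS) {
  return async function safeFetch(input, init) {
    if (!isAllowedTarget(input, allowlist)) {
      throw new Error(`safeFetch: origin not allowed for ${String(input)}`);
    }
    return realFetch(input, makeSafeInit(init));
  };
}

// Usage: expose only `safeFetch` (and never the real `fetch`) to the script.
const safeFetch = createSafeFetch();
```

The allowlist check is the part that matters for an IDOR chain like this one: even with cookies omitted, a script that can still reach same-origin endpoints may find ones that are not cookie-authenticated, so the wrapper refuses anything that is not an explicit external API origin.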

Mitigation Strategies

  • Upgrade Typebot to version 3.13.2 or later immediately.
  • Implement Content Security Policy (CSP) headers to restrict where the browser can send data (connect-src).
  • Audit all imported Typebot templates for unknown 'Script' blocks.
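The second mitigation asks for a `connect-src` restriction. As an added example (not from the original report and not Typebot's configuration), the following checks a candidate Content-Security-Policy against the URLs your bots legitimately call and against an unknown host, so a policy can be validated before it is deployed rather than discovered to be too loose afterwards. The policy string, the `typebot.example.internal` origin and the hostnames are constructed placeholders; the matching follows the CSP host-source rules in simplified form (a source without a scheme matches any scheme here).

```javascript
// Added example: evaluate a CSP connect-src directive against candidate URLs.
// The policy and hostnames below are constructed placeholders, not a
// recommended production policy.

// Parse "directive src src; directive src" into a Map of directive -> sources.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Port actually used by the URL, filling in the scheme default.
function effectivePort(url) {
  const defaults = { 'https:': '443', 'wss:': '443', 'http:': '80', 'ws:': '80' };
  return url.port || defaults[url.protocol] || '';
}

// Does one CSP source expression match the target URL?
function sourceMatches(source, url, selfOrigin) {
  const src = source.trim();
  if (src === "'none'") return false;
  if (src === "'self'") return url.origin === selfOrigin;
  if (src === '*') return true;
  // scheme-source, e.g. "https:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return url.protocol === src.toLowerCase();
  // host-source: [scheme://][*.]host[:port][/path]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host, port, path] = m;
  if (scheme && url.protocol !== `${scheme.toLowerCase()}:`) return false;
  const hostname = url.hostname.toLowerCase();
  const want = host.toLowerCase();
  if (wildcard ? !hostname.endsWith(`.${want}`) : hostname !== want) return false;
  if (port && port !== '*' && effectivePort(url) !== port) return false;
  if (path) {
    // CSP path matching: a trailing "/" means prefix match, otherwise exact.
    const ok = path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
    if (!ok) return false;
  }
  return true;
}

// Would a browser enforcing `header` let a script connect to `targetUrl`?
// Falls back to default-src when connect-src is absent, as browsers do.
function connectAllowed(header, targetUrl, selfOrigin) {
  const policy = parseCsp(header);
  const sources = policy.get('connect-src') ?? policy.get('default-src');
  if (!sources) return true; // no applicable directive: nothing is restricted
  const url = new URL(targetUrl);
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

// Evaluate a whole list of [url, expectedAllowed] pairs; returns the mismatches.
function auditPolicy(header, selfOrigin, checks) {
  return checks
    .map(([url, expected]) => ({ url, expected, allowed: connectAllowed(header, url, selfOrigin) }))
    .filter((r) => r.allowed !== r.expected);
}

// Constructed candidate policy and origin for a self-hosted instance.
const CANDIDATE_CSP =
  "default-src 'self'; connect-src 'self' https://api.openai.com https://*.googleapis.com";
const SELF_ORIGIN = 'https://typebot.example.internal'; // placeholder origin

// Constructed checks: legitimate integrations should pass, an unknown host must not.
const CHECKS = [
  ['https://typebot.example.internal/api/example', true],
  ['https://api.openai.com/v1/chat/completions', true],
  ['https://sheets.googleapis.com/v4/spreadsheets', true],
  ['https://attacker.example.net/collect', false],
];

console.log(auditPolicy(CANDIDATE_CSP, SELF_ORIGIN, CHECKS));
```

Run the audit with every external API your bots use in `CHECKS`; an empty mismatch list means the policy blocks unknown destinations without breaking known integrations. Deploy it first as `Content-Security-Policy-Report-Only` and watch the reports before switching to the enforcing header.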

Remediation Steps:

  1. Pull the latest Docker image: docker pull baptistearno/typebot:latest
  2. Restart your container fleet.
  3. Review the 'Credentials' section in your settings to ensure no unknown API keys have been created or accessed recently.
  4. Rotate any API keys (OpenAI, Google, Stripe) that were stored in Typebot prior to the patch.

Read the full report for CVE-2025-65098 on our website for more details including interactive diagrams and full exploit analysis.