CVE-2025-65098
Published 2026-01-22
Priority: P3 (44)
Severity: high, 7.4 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
EPSS: 0.30% (21.6th percentile)
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership. Version 3.13.2 fixes the issue.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| baptistearno | typebot.io | < 3.13.2 | 3.13.2 |
| typebot.io | js | >= 0 < 0.9.15 | 0.9.15 |
| typebot | typebot | < 3.13.2 | 3.13.2 |
GHSA
Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass
ghsa · 2026-01-22
CVE-2025-65098 [HIGH] CWE-79
### Summary
Client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The `/api/trpc/credentials.getCredentials` endpoint returns plaintext API keys without verifying credential ownership.
---
### Details
The Script block with "Execute on client" enabled runs arbitrary JavaScript in the victim's browser under their authenticated session, so the script can call the API on their behalf.
The `/api/trpc/credentials.getCredentials` endpoint returns plaintext credentials:
```http
GET /api/trpc/
```
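As an added illustration (not Typebot's own code), the authorization flaw described above reduced to a minimal credential lookup: the vulnerable shape hands any stored credential to any authenticated session, while the fixed shape first requires the caller to be a member of the workspace that owns the credential. The stores, user ids, workspace ids and the session object are constructed placeholders.

```javascript
// Added example, not Typebot's code: minimal model of the ownership check that
// CVE-2025-65098 reports as missing. All data below is constructed.

// Constructed sample data: two workspaces, one member each, one credential each.
const workspaceMembers = {
  "ws-alpha": new Set(["user-alice"]),
  "ws-beta": new Set(["user-bob"]),
};

const credentialsStore = {
  "cred-1": { id: "cred-1", workspaceId: "ws-alpha", type: "openai", data: "sk-constructed-alpha" },
  "cred-2": { id: "cred-2", workspaceId: "ws-beta", type: "smtp", data: "constructed-smtp-secret" },
};

// Vulnerable shape: the caller must be logged in, but nothing ties the requested
// credential to the caller. Any session, including one driven by a script block
// running in the victim's browser, can read any credential by id.
function getCredentialsVulnerable(session, credentialsId) {
  if (!session || !session.userId) throw new Error("UNAUTHORIZED");
  const cred = credentialsStore[credentialsId];
  if (!cred) return null;
  return { type: cred.type, data: cred.data };
}

// Hardened shape: resolve the credential, then require that the caller belongs to
// the owning workspace before returning the secret. Non-members get the same
// result as a missing id (null), so the check does not confirm existence.
function getCredentialsFixed(session, credentialsId) {
  if (!session || !session.userId) throw new Error("UNAUTHORIZED");
  const cred = credentialsStore[credentialsId];
  if (!cred) return null;
  const members = workspaceMembers[cred.workspaceId];
  if (!members || !members.has(session.userId)) return null;
  return { type: cred.type, data: cred.data };
}

// Convenience wrapper for a quick comparison of both shapes on the same request.
function compare(session, credentialsId) {
  return {
    vulnerable: getCredentialsVulnerable(session, credentialsId),
    fixed: getCredentialsFixed(session, credentialsId),
  };
}
```

With the fixed shape, a script running under the victim's session can still call the endpoint, but only receives credentials the victim's workspace membership already entitles them to.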
OSV
Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass
osv · 2026-01-22 (mirrors the GHSA advisory above)
No detection rules found.
No public exploits indexed.
Published: 2026-01-22