PT-2026-3944 · Typebot · Typebot

Published 2026-01-22 · Updated 2026-03-26 · CVE-2025-65098

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Typebot versions prior to 3.13.2
Description: Typebot, an open-source chatbot builder, has a flaw where client-side script execution can lead to the theft of stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser with the victim's authenticated session and exfiltrates credentials such as OpenAI keys, Google Sheets tokens, and SMTP passwords. The /api/trpc/credentials.getCredentials endpoint returns plaintext API keys without verifying that the caller owns the requested credentials. The vulnerable file is packages/embeds/js/src/features/blocks/logic/script/executeScript.ts. Attackers can craft malicious bot templates to harvest credentials. The issue combines two defects: client-side scripts execute with the victim's authenticated session, and the API returns plaintext credentials without an authorization check.
Recommendations: Update Typebot to version 3.13.2 or later.

Exploit · Fix

Information Disclosure · Insufficiently Protected Credentials · XSS · Missing Encryption of Sensitive Data · Improper Access Control · Missing Authorization · IDOR

Related Identifiers: CVE-2025-65098 · GHSA-4XC5-WFWC-JW47

Affected Products: Typebot