CVE-2025-65098 is a cross-site scripting (XSS) vulnerability categorized under CWE-79 that affects Typebot, an open-source chatbot builder. The vulnerability exists in versions prior to 3.13.2 and allows client-side script execution when a user previews a maliciously crafted chatbot by clicking the "Run" button. This XSS flaw enables attackers to execute arbitrary JavaScript in the victim's browser context. The critical issue stems from the /api/trpc/credentials.getCredentials API endpoint, which returns plaintext API keys—including OpenAI keys, Google Sheets tokens, and SMTP passwords—without verifying whether the requesting user owns those credentials. This lack of proper authorization and input neutralization leads to credential disclosure (CWE-200) and improper access control (CWE-284). The vulnerability also implicates weaknesses in cryptographic storage (CWE-522), information exposure (CWE-311), and improper authentication (CWE-862). Exploitation requires user interaction (clicking "Run") but no prior authentication, making it accessible to any user who can preview a malicious typebot. The CVSS v3.1 base score is 7.4 (high), reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and a scope change with high confidentiality impact but no integrity or availability impact. Although no known exploits are reported in the wild, the potential for credential theft and subsequent abuse of sensitive API keys poses a significant risk. The vulnerability was publicly disclosed in January 2026 and fixed in Typebot version 3.13.2.

For European organizations, this vulnerability poses a significant risk to confidentiality, particularly for entities leveraging Typebot to automate workflows involving sensitive API integrations such as OpenAI services, Google Sheets, and SMTP servers. Credential theft can lead to unauthorized access to critical cloud services, data exfiltration, and potential lateral movement within enterprise environments. Organizations using Typebot in customer-facing or internal applications may inadvertently expose sensitive tokens if users preview malicious chatbots. This could result in data breaches, regulatory non-compliance (e.g., GDPR violations due to unauthorized data access), reputational damage, and financial losses. The requirement for user interaction (clicking "Run") limits automated exploitation but does not eliminate risk, especially in environments where users are not trained to recognize malicious chatbots. The scope change in the CVSS score indicates that the vulnerability can affect resources beyond the initially compromised component, amplifying potential impact. Given the increasing adoption of chatbot technologies and API integrations in European enterprises, the threat is material and warrants urgent remediation.

1. Immediate upgrade of Typebot installations to version 3.13.2 or later to apply the official patch that fixes the vulnerability. 2. Restrict access to the /api/trpc/credentials.getCredentials endpoint by implementing strict authentication and authorization checks to ensure users can only retrieve their own credentials. 3. Implement Content Security Policy (CSP) headers to mitigate the impact of potential XSS attacks by restricting script execution sources. 4. Educate users about the risks of running untrusted or unknown chatbots, emphasizing caution before clicking "Run" on previewed bots. 5. Conduct regular audits of stored API keys and tokens, rotating them if compromise is suspected. 6. Monitor network traffic and logs for unusual API key usage patterns or exfiltration attempts. 7. Employ web application firewalls (WAFs) with rules targeting XSS attack vectors to provide an additional layer of defense. 8. Review and minimize the scope of credentials stored within Typebot, avoiding unnecessary storage of sensitive tokens when possible. 9. For organizations using Typebot in multi-tenant environments, enforce tenant isolation and credential segregation to limit cross-tenant data exposure.