CVE-2025-64706 - OpenCVE

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing the target user's ID and token ID, without requiring authorization checks. Version 3.13.0 fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Typebot	Typebot

No data.

No data.

References

Link	Providers
https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-grx8-g27p-8hpp

History

Fri, 14 Nov 2025 09:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Typebot Typebot typebot
Vendors & Products		Typebot Typebot typebot

Thu, 13 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Nov 2025 18:00:00 +0000

Type	Values Removed	Values Added
Description		Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing the target user's ID and token ID, without requiring authorization checks. Version 3.13.0 fixes the issue.
Title		Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure
Weaknesses		CWE-284 CWE-639
References		https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-grx8-g27p-8hpp
Metrics		cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-11-13T17:49:29.802Z

Updated: 2025-11-13T18:22:36.897Z

Reserved: 2025-11-10T14:07:42.921Z

Link: CVE-2025-64706

Vulnrichment

Updated: 2025-11-13T18:22:33.219Z

NVD

Status : Received

Published: 2025-11-13T18:15:56.310

Modified: 2025-11-13T18:15:56.310

Link: CVE-2025-64706

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64706", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-11-10T14:07:42.921Z", "datePublished": "2025-11-13T17:49:29.802Z", "dateUpdated": "2025-11-13T18:22:36.897Z"}, "containers": {"cna": {"title": "Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-grx8-g27p-8hpp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-grx8-g27p-8hpp"}], "affected": [{"vendor": "baptisteArno", "product": "typebot.io", "versions": [{"version": ">= 3.9.0, < 3.13.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-13T17:49:29.802Z"}, "descriptions": [{"lang": "en", "value": "Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing the target user's ID and token ID, without requiring authorization checks. Version 3.13.0 fixes the issue."}], "source": {"advisory": "GHSA-grx8-g27p-8hpp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-13T18:07:10.832531Z", "id": "CVE-2025-64706", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T18:22:36.897Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64706", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-13T18:07:10.832531Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-13T18:22:33.219Z"}}], "cna": {"title": "Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure", "source": {"advisory": "GHSA-grx8-g27p-8hpp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "baptisteArno", "product": "typebot.io", "versions": [{"status": "affected", "version": ">= 3.9.0, < 3.13.0"}]}], "references": [{"url": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-grx8-g27p-8hpp", "name": "https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-grx8-g27p-8hpp", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing the target user's ID and token ID, without requiring authorization checks. Version 3.13.0 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-13T17:49:29.802Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64706", "state": "PUBLISHED", "dateUpdated": "2025-11-13T18:22:36.897Z", "dateReserved": "2025-11-10T14:07:42.921Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-11-13T17:49:29.802Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}