Platform: nodejs
Component: typebot.io
Fixed in: 3.13.2
A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in Typebot, an open-source chatbot builder. This flaw, present in versions prior to 3.13.1, allows authenticated users to make arbitrary HTTP requests from the server. Exploitation can lead to the extraction of AWS IAM credentials, potentially resulting in complete compromise of Kubernetes clusters and associated AWS infrastructure. Typebot version 3.13.1 addresses this vulnerability.
The SSRF vulnerability in Typebot's HTTP Request component allows attackers to bypass IMDSv2 protection and access the AWS Instance Metadata Service (IMDS). By injecting custom headers, an attacker can retrieve temporary AWS IAM credentials associated with the EKS node role. These credentials grant significant privileges, enabling attackers to assume the role and gain full control over the Kubernetes cluster. This includes the ability to deploy malicious workloads, steal sensitive data, and potentially pivot to other AWS resources. The potential blast radius extends beyond the Typebot instance itself, encompassing the entire Kubernetes environment and associated AWS infrastructure.
The likelihood of exploitation is assessed as high because the vulnerability is easy to exploit and the potential impact is significant. Public proof-of-concept code is likely to emerge given the SSRF nature of the vulnerability. The vulnerability was publicly disclosed on 2025-11-13. It is recommended to monitor CISA KEV for potential inclusion.
Exploit Status
EPSS: 0.06% (18th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-64709 is to upgrade Typebot to version 3.13.1 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restrict outbound network access from the Typebot instance to only necessary destinations. Implement strict input validation on the HTTP Request component to prevent malicious header injection. Monitor Typebot logs for suspicious outbound requests, particularly those targeting the AWS Instance Metadata Service. After upgrading, confirm the fix by attempting to access the IMDS through the HTTP Request component and verifying that access is denied.
Update Typebot to version 3.13.1 or higher. This version corrects the SSRF vulnerability in the webhook block. The update will prevent the potential extraction of AWS EKS credentials and Kubernetes cluster compromise.
CVE-2025-64709 is a critical SSRF vulnerability in Typebot versions up to 3.13.0, allowing attackers to extract AWS IAM credentials and compromise Kubernetes clusters.
You are affected if you are running Typebot version 3.13.0 or earlier. Upgrade to 3.13.1 to resolve the vulnerability.
Upgrade Typebot to version 3.13.1. As a temporary workaround, restrict outbound network access and implement strict input validation.
While no active exploitation has been confirmed, the ease of exploitation suggests it is likely to be targeted. Monitor your systems and apply the patch promptly.
Refer to the Typebot project's official release notes and security advisories on their GitHub repository for the latest information.