CVE-2025-64706 Overview
CVE-2025-64706 is an Insecure Direct Object Reference (IDOR) vulnerability in Typebot, an open-source chatbot builder. The flaw exists in the API token management endpoint across versions 3.9.0 through 3.12.x. An authenticated attacker can delete any user's API token and retrieve its value by supplying the target user's ID and token ID. The endpoint performs no authorization checks tying the token to the requesting user. Version 3.13.0 resolves the issue.
Critical Impact
Authenticated attackers can hijack API tokens belonging to other Typebot users, gaining their identity and access to associated chatbot workflows and data.
Affected Products
- Typebot versions 3.9.0 through 3.12.x
- Self-hosted Typebot deployments running affected releases
- Typebot cloud tenants on pre-3.13.0 builds
Discovery Timeline
- 2025-11-13 - CVE-2025-64706 published to NVD
- 2026-01-30 - Last updated in NVD database
Technical Details for CVE-2025-64706
Vulnerability Analysis
The vulnerability stems from missing authorization enforcement on Typebot's API token management endpoint. The endpoint accepts a user ID and token ID as parameters when handling deletion requests. It then returns the deleted token's value in the response. The handler does not validate that the authenticated session owns the referenced token or user account.
This pattern matches both [CWE-284] Improper Access Control and [CWE-639] Authorization Bypass Through User-Controlled Key. Any authenticated Typebot user can iterate or guess token and user identifiers to harvest tokens belonging to others. Recovered tokens grant the attacker the victim's API privileges, enabling chatbot manipulation, data exfiltration, and integration abuse.
Root Cause
The API token deletion route trusts client-supplied identifiers without cross-checking them against the session principal. Authorization logic that should bind the operation to the requesting account is absent. Returning the deleted token's secret value in the response further amplifies the impact beyond a simple destructive action.
Attack Vector
Exploitation requires network access to the Typebot API and a valid authenticated session. The attacker submits a delete request to the token management endpoint, supplying the victim's user ID and token ID. The server processes the operation and returns the token value, which the attacker can replay against any Typebot API consuming that credential. Refer to the GitHub Security Advisory GHSA-grx8-g27p-8hpp for the maintainer's technical write-up.
Detection Methods for CVE-2025-64706
Indicators of Compromise
- Unexpected DELETE requests against Typebot API token management routes referencing user IDs that do not match the authenticated session
- API token rotation or disappearance events not initiated by the legitimate token owner
- Successful Typebot API calls originating from new IP addresses or user agents immediately after a token deletion event
Detection Strategies
- Correlate Typebot application logs to flag token deletion requests where the acting user differs from the token owner
- Alert on HTTP responses from token management endpoints that return non-empty token secrets
- Baseline normal token lifecycle activity per user and surface deviations such as bulk deletions
Monitoring Recommendations
- Forward Typebot application and reverse proxy logs to a centralized SIEM for retention and query
- Monitor outbound API calls authenticated with Typebot tokens for sudden changes in source or behavior
- Review audit trails for the workspaces and bots associated with any rotated token
How to Mitigate CVE-2025-64706
Immediate Actions Required
- Upgrade Typebot to version 3.13.0 or later without delay
- Rotate all existing Typebot API tokens after upgrading and invalidate any tokens that may have been exposed
- Audit recent token deletion and creation events for unauthorized activity across all user accounts
- Restrict network exposure of the Typebot management API to trusted networks where feasible
Patch Information
The maintainers fixed the IDOR by enforcing ownership checks on the token management endpoint in Typebot 3.13.0. Self-hosted operators should pull the updated container image or source release and redeploy. Full remediation details are documented in the GitHub Security Advisory GHSA-grx8-g27p-8hpp.
Workarounds
- Place the Typebot API behind an authenticating reverse proxy that restricts token management routes to administrators until the upgrade is applied
- Temporarily disable API token issuance for non-essential users to limit the pool of credentials at risk
- Apply web application firewall rules that block requests to the token management endpoint where the path-supplied user ID does not match the session identity
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

