Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-64709

CVE-2025-64709: Typebot SSRF Vulnerability

CVE-2025-64709 is a server-side request forgery flaw in Typebot that allows authenticated users to make arbitrary HTTP requests, potentially exposing AWS credentials. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-64709 Overview

CVE-2025-64709 is a critical Server-Side Request Forgery (SSRF) vulnerability affecting Typebot, an open-source chatbot builder. The vulnerability exists in the Typebot webhook block (HTTP Request component) functionality, allowing authenticated users to make arbitrary HTTP requests from the server. This includes access to the AWS Instance Metadata Service (IMDS), enabling attackers to bypass IMDSv2 protection through custom header injection and extract temporary AWS IAM credentials for the EKS node role.

Critical Impact

Complete compromise of Kubernetes clusters and associated AWS infrastructure through credential theft via SSRF exploitation of the HTTP Request component.

Affected Products

  • Typebot versions prior to 3.13.1
  • Typebot deployments on AWS EKS infrastructure
  • Self-hosted Typebot instances with webhook block functionality enabled

Discovery Timeline

  • 2025-11-13 - CVE-2025-64709 published to NVD
  • 2026-01-30 - Last updated in NVD database

Technical Details for CVE-2025-64709

Vulnerability Analysis

The SSRF vulnerability resides in Typebot's webhook block functionality, specifically within the HTTP Request component. This component is designed to allow chatbot builders to make outbound HTTP requests as part of their workflow automation. However, insufficient validation of user-supplied URLs and headers enables authenticated attackers to redirect these requests to internal resources.

The most severe exploitation scenario involves targeting the AWS Instance Metadata Service (IMDS) at 169.254.169.254. While AWS has implemented IMDSv2 as a defense mechanism requiring a session token obtained via a PUT request with a specific header, the vulnerability allows attackers to inject custom headers into the HTTP requests. This effectively bypasses IMDSv2 protections, enabling retrieval of temporary IAM credentials associated with the EKS node role.

Root Cause

The root cause is improper input validation and insufficient URL filtering in the HTTP Request component (CWE-918: Server-Side Request Forgery). The application fails to adequately restrict the destination of outbound HTTP requests and allows arbitrary header injection, enabling attackers to craft requests that access internal network resources and cloud metadata services.

Attack Vector

The attack vector is network-based and requires low privileges (authenticated user access). An attacker with access to the Typebot builder interface can configure a webhook block to target internal IP addresses, including the AWS metadata endpoint. By injecting the required X-aws-ec2-metadata-token-ttl-seconds header, the attacker can obtain an IMDSv2 session token and subsequently retrieve IAM credentials.

The exploitation chain typically involves:

  1. Creating or modifying a Typebot workflow with a webhook block
  2. Configuring the HTTP Request to target http://169.254.169.254/latest/api/token with a PUT method
  3. Injecting the X-aws-ec2-metadata-token-ttl-seconds header to obtain an IMDSv2 token
  4. Using the token to access credential endpoints at http://169.254.169.254/latest/meta-data/iam/security-credentials/
  5. Extracting AWS access keys, secret keys, and session tokens for the EKS node IAM role

For detailed technical information, see the GitHub Security Advisory.

Detection Methods for CVE-2025-64709

Indicators of Compromise

  • Outbound HTTP requests from Typebot servers to internal IP ranges (e.g., 169.254.169.254, 10.0.0.0/8, 172.16.0.0/12)
  • Webhook block configurations containing references to metadata service endpoints
  • Unusual IAM credential usage patterns from EKS node roles
  • CloudTrail events showing API calls from unexpected source IPs using EKS node credentials

Detection Strategies

  • Monitor outbound network traffic for connections to AWS metadata IP address 169.254.169.254
  • Implement log analysis for webhook block executions targeting non-public IP ranges
  • Configure AWS CloudTrail alerts for anomalous IAM credential usage from EKS node roles
  • Review Typebot workflow configurations for suspicious HTTP Request block destinations

Monitoring Recommendations

  • Enable VPC Flow Logs to capture and analyze all network traffic from Typebot instances
  • Configure AWS GuardDuty to detect credential exfiltration and unusual API activity
  • Implement application-level logging for all webhook block HTTP requests
  • Set up alerts for any outbound connections to link-local addresses (169.254.0.0/16)

How to Mitigate CVE-2025-64709

Immediate Actions Required

  • Upgrade Typebot to version 3.13.1 or later immediately
  • Audit existing Typebot workflows for malicious or suspicious webhook configurations
  • Rotate any AWS credentials that may have been exposed through EKS node roles
  • Review CloudTrail logs for unauthorized API activity using EKS credentials

Patch Information

The vulnerability has been addressed in Typebot version 3.13.1. Organizations should upgrade to this version or later to remediate the SSRF vulnerability. The fix implements proper URL validation and restricts access to internal network resources from the HTTP Request component.

For official patch details, refer to the Typebot GitHub Security Advisory.

Workarounds

  • Implement network-level controls to block outbound traffic from Typebot instances to metadata service IPs
  • Configure AWS IMDSv2 with hop limit of 1 to prevent container-based SSRF attacks
  • Restrict Typebot user access to minimize the number of authenticated users who can create webhook blocks
  • Deploy Typebot behind a web application firewall (WAF) with SSRF protection rules
bash
# AWS CLI - Enforce IMDSv2 with hop limit of 1 for EC2 instances
aws ec2 modify-instance-metadata-options \
    --instance-id i-1234567890abcdef0 \
    --http-tokens required \
    --http-put-response-hop-limit 1 \
    --http-endpoint enabled

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.