CVE-2025-64709 Overview
CVE-2025-64709 is a critical Server-Side Request Forgery (SSRF) vulnerability in Typebot, an open-source chatbot builder. It lies in the webhook block (the HTTP Request component), which lets any authenticated builder user make the Typebot server issue an HTTP request to a URL of their choosing, with a method and headers of their choosing. Because the attacker controls the method and headers, the server can be driven through the normal IMDSv2 token handshake against the AWS Instance Metadata Service (IMDS): IMDSv2 is satisfied rather than defeated, and the temporary IAM credentials of the EKS node role can be read out.
Critical Impact
Complete compromise of Kubernetes clusters and associated AWS infrastructure through credential theft via SSRF exploitation of the HTTP Request component.
Affected Products
- Typebot versions prior to 3.13.1 (the SSRF itself applies to every deployment, not only those on AWS)
- Typebot deployments on AWS EKS or EC2 whose server can reach the instance metadata endpoint (the credential-theft impact described on this page)
- Self-hosted Typebot instances with the webhook block (HTTP Request component) enabled
Discovery Timeline
- 2025-11-13 - CVE-2025-64709 published to NVD
- 2026-01-30 - Last updated in NVD database
Technical Details for CVE-2025-64709
Vulnerability Analysis
The SSRF vulnerability resides in Typebot's webhook block functionality, specifically within the HTTP Request component. This component is designed to allow chatbot builders to make outbound HTTP requests as part of their workflow automation. However, insufficient validation of user-supplied URLs and headers enables authenticated attackers to redirect these requests to internal resources.
The most severe scenario targets the AWS Instance Metadata Service (IMDS) at 169.254.169.254. IMDSv2 requires a client to first obtain a session token with a PUT to /latest/api/token carrying an X-aws-ec2-metadata-token-ttl-seconds header, then to present that token in an X-aws-ec2-metadata-token header on every subsequent GET. That design stops SSRF primitives that can only issue a plain GET with fixed headers. The webhook block, however, lets the attacker choose the method and add arbitrary headers, so both steps of the handshake can be carried out through the server. IMDSv2 therefore offers no protection here, and the temporary IAM credentials of the EKS node role are retrievable.
Root Cause
The root cause is improper input validation and insufficient URL filtering in the HTTP Request component (CWE-918: Server-Side Request Forgery). The application fails to adequately restrict the destination of outbound HTTP requests and allows arbitrary header injection, enabling attackers to craft requests that access internal network resources and cloud metadata services.
Attack Vector
The attack vector is network-based and requires low privileges (an authenticated Typebot builder account). An attacker with access to the builder interface configures a webhook block that targets internal addresses, including the metadata endpoint. Because the block accepts an arbitrary method and custom headers, the attacker sends the X-aws-ec2-metadata-token-ttl-seconds header to obtain an IMDSv2 session token, then the X-aws-ec2-metadata-token header to read the credentials.
The exploitation chain typically involves:
- Creating or modifying a Typebot workflow with a webhook block
- Configuring the HTTP Request as a PUT to http://169.254.169.254/latest/api/token with the X-aws-ec2-metadata-token-ttl-seconds header set, and storing the returned token (webhook blocks can save response data into bot variables)
- Sending a GET to http://169.254.169.254/latest/meta-data/iam/security-credentials/ with the X-aws-ec2-metadata-token header to list the name of the attached role
- Sending a GET to http://169.254.169.254/latest/meta-data/iam/security-credentials/<role-name> with the same header
- Reading AccessKeyId, SecretAccessKey and Token for the EKS node IAM role from the JSON response; they stay valid until the Expiration timestamp in that response, typically some hours
For detailed technical information, see the GitHub Security Advisory.
Detection Methods for CVE-2025-64709
Indicators of Compromise
- Outbound HTTP requests from the Typebot server to the link-local metadata address 169.254.169.254 or to private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), none of which a legitimate webhook to an external API should need
- Webhook block configurations containing references to metadata service endpoints
- Unusual IAM credential usage patterns from EKS node roles
- CloudTrail events showing API calls from unexpected source IPs using EKS node credentials
Detection Strategies
- Monitor outbound network traffic for connections to AWS metadata IP address 169.254.169.254
- Implement log analysis for webhook block executions targeting non-public IP ranges
- Configure AWS CloudTrail alerts for anomalous IAM credential usage from EKS node roles
- Review Typebot workflow configurations for suspicious HTTP Request block destinations
Monitoring Recommendations
- Do not rely on VPC Flow Logs to see the attack: AWS does not record traffic to or from 169.254.169.254 in flow logs, so IMDS access has to be observed on the node or in the pod (for example with eBPF-based network monitoring or the application's own request log)
- Enable Amazon GuardDuty; its UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS and .InsideAWS findings fire when EC2 instance credentials are used from somewhere other than the instance they were issued to
- Log every webhook block execution at the application level, including method, resolved destination address and header names, since that is the only place the attacker's PUT to /latest/api/token shows up in full
- Alert on any outbound connection to link-local addresses (169.254.0.0/16) from the Typebot pods, using the host- or pod-level telemetry above rather than flow logs
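The CloudTrail checks above, as an added example that is not part of the advisory or of Typebot: a Python rule over constructed CloudTrail-style records. It assumes a node role named eks-node-role and a single known egress address (203.0.113.7) for the cluster; both are hypothetical, as are the sample records. Records whose sourceIPAddress is an AWS service DNS name are skipped, because CloudTrail records service-originated calls that way rather than with an IP.

```python
import ipaddress
import json

# Assumed environment facts for this example (not from the advisory): the EKS
# node role's name and the public egress addresses (NAT gateway EIPs) that
# legitimate node traffic uses to reach AWS APIs.
NODE_ROLE_NAME = "eks-node-role"
KNOWN_EGRESS = [ipaddress.ip_network("203.0.113.7/32")]


def _assumed_role(event):
    """Return (role, session) for an AssumedRole event, else (None, None)."""
    ident = event.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None, None
    # ARN shape: arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION
    resource = ident.get("arn", "").split(":", 5)[-1]
    parts = resource.split("/")
    if parts[0] != "assumed-role" or len(parts) < 3:
        return None, None
    return parts[1], parts[2]


def _source_ip(event):
    """IP of the caller, or None when an AWS service made the call (CloudTrail
    then puts the service DNS name, e.g. autoscaling.amazonaws.com, here)."""
    try:
        return ipaddress.ip_address(event.get("sourceIPAddress", ""))
    except ValueError:
        return None


def node_role_calls_from_unknown_source(events):
    """Node-role API calls whose source IP is not one of our egress addresses."""
    hits = []
    for e in events:
        role, _ = _assumed_role(e)
        if role != NODE_ROLE_NAME:
            continue
        src = _source_ip(e)
        if src is None:
            continue  # service-originated call attributed to the role
        if not any(src in net for net in KNOWN_EGRESS):
            hits.append(e)
    return hits


def sessions_seen_from_multiple_ips(events):
    """Node-role sessions (EC2 names them after the instance) used from more
    than one IP. An instance cannot be in two places, so this catches copied
    credentials even when KNOWN_EGRESS is incomplete."""
    seen = {}
    for e in events:
        role, session = _assumed_role(e)
        src = _source_ip(e)
        if role != NODE_ROLE_NAME or src is None:
            continue
        seen.setdefault(session, set()).add(str(src))
    return {s: ips for s, ips in seen.items() if len(ips) > 1}


def _event(time, source, name, src_ip, arn):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": src_ip,
            "userIdentity": {"type": "AssumedRole", "arn": arn}}


# Constructed sample records (not real CloudTrail data); the node session is
# first used from the NAT address, then from an outside host.
NODE_SESSION = "arn:aws:sts::123456789012:assumed-role/eks-node-role/i-0abc123def456"
SAMPLE_EVENTS = [
    _event("2025-11-14T10:02:11Z", "ec2.amazonaws.com", "DescribeInstances", "203.0.113.7", NODE_SESSION),
    _event("2025-11-14T10:05:40Z", "sts.amazonaws.com", "GetCallerIdentity", "192.0.2.44", NODE_SESSION),
    _event("2025-11-14T10:06:02Z", "eks.amazonaws.com", "DescribeCluster", "192.0.2.44", NODE_SESSION),
    _event("2025-11-14T10:06:30Z", "ec2.amazonaws.com", "DescribeTags", "autoscaling.amazonaws.com", NODE_SESSION),
    _event("2025-11-14T10:07:15Z", "s3.amazonaws.com", "ListBuckets", "192.0.2.44",
           "arn:aws:sts::123456789012:assumed-role/app-role/session1"),
]

if __name__ == "__main__":
    for hit in node_role_calls_from_unknown_source(SAMPLE_EVENTS):
        print(json.dumps(hit))
    print(sessions_seen_from_multiple_ips(SAMPLE_EVENTS))
```

The egress-list rule is the simple one and is noisy when the cluster has many NAT addresses; the multiple-IP rule needs no allow-list at all and is the stronger signal for IMDS credential theft, since the session name ties the credentials to one instance.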
How to Mitigate CVE-2025-64709
Immediate Actions Required
- Upgrade Typebot to version 3.13.1 or later immediately
- Audit existing Typebot workflows for malicious or suspicious webhook configurations
- Treat the node role's credentials as stolen: they are temporary but remain valid until their expiry, so revoke the role's active sessions (IAM's revoke-sessions inline policy denies tokens issued before a given aws:TokenIssueTime) or replace the nodes so fresh credentials are issued, and rotate any long-lived secrets those credentials could reach
- Review CloudTrail logs for unauthorized API activity using EKS credentials
Patch Information
The vulnerability has been addressed in Typebot version 3.13.1. Organizations should upgrade to this version or later to remediate the SSRF vulnerability. The fix implements proper URL validation and restricts access to internal network resources from the HTTP Request component.
For official patch details, refer to the Typebot GitHub Security Advisory.
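As an added example, not Typebot's own code and not the exact rules in 3.13.1 (the advisory does not publish them): the destination check such a fix needs, written in Python. It resolves hostnames and refuses any answer that is not globally routable, treats IPv4-mapped IPv6 spellings of IMDS as IMDS, and rejects the IMDSv2 handshake headers outright. The deny-listed hostnames, the header prefix list and the FAKE_DNS table (including the decimal-IP entry) are assumptions constructed for the offline demo.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Names that only make sense as a cloud-metadata target (assumed deny-list).
DENIED_HOSTNAMES = {"metadata", "instance-data", "instance-data.ec2.internal"}
# Headers that exist only to drive the IMDSv2 handshake; a webhook to an
# external API never needs them, so refuse them outright (assumed policy).
DENIED_HEADER_PREFIXES = ("x-aws-ec2-metadata-token",)


def resolve_all(host):
    """Every address the OS resolver returns for host (A and AAAA)."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({ipaddress.ip_address(info[4][0]) for info in infos}, key=str)


def is_public(addr):
    """True only for globally routable unicast addresses."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:169.254.169.254 is still IMDS
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_webhook_target(url, headers, resolver=resolve_all):
    """Return (allowed, reason). Hostnames are resolved so aliases for private
    addresses are caught; unusual IP spellings (decimal, hex) fall through to
    the resolver, which interprets them the way the HTTP client would."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "missing host"
    if host in DENIED_HOSTNAMES:
        return False, f"metadata hostname {host!r}"
    for name in headers:
        if name.lower().startswith(DENIED_HEADER_PREFIXES):
            return False, f"header {name!r} not allowed"
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        return False, f"cannot resolve {host!r}"
    for addr in addrs:
        if not is_public(addr):
            return False, f"{host!r} resolves to non-public {addr}"
    return True, "ok"


# Constructed answers for the offline demo (not real DNS data). The decimal
# entry models what getaddrinfo does with "2852039166", which inet_aton
# accepts as 169.254.169.254 (assumed resolver behaviour).
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "rebind.example": ["93.184.216.35", "10.0.0.5"],
    "2852039166": ["169.254.169.254"],
}


def fake_resolve(host):
    return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host, [])]


if __name__ == "__main__":
    for url in ("http://169.254.169.254/latest/api/token",
                "http://[::ffff:169.254.169.254]/latest/meta-data/",
                "http://2852039166/latest/meta-data/",
                "https://rebind.example/hook",
                "https://api.example.com/hook"):
        print(url, check_webhook_target(url, {}, fake_resolve))
```

Validating the URL when the bot is saved is not enough on its own: the HTTP client that later sends the request must connect to the address that passed the check (or re-run the check at send time, which also covers bot variables interpolated into the URL), and it must not follow redirects blindly, since a redirect to 169.254.169.254 from an allowed host re-opens the hole.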
Workarounds
- Block outbound traffic from the Typebot pods to 169.254.169.254 at the network layer, for example with a Kubernetes NetworkPolicy egress rule or an iptables rule on the node; this is the most direct control because it does not depend on the application
- Require IMDSv2 with a PUT response hop limit of 1 on the nodes: the token response then cannot cross the extra network hop into a pod. This protects only pods on the pod network, not pods running with hostNetwork, and it must be combined with http-tokens required so that IMDSv1 (which needs no token) is off. Longer term, keep the node role's permissions minimal and give workloads their own credentials through IAM Roles for Service Accounts or EKS Pod Identity
- Restrict who can log in to the builder, since any authenticated user can create webhook blocks
- A WAF in front of Typebot sees only inbound browser traffic, not the server's outbound webhook requests; at best it can flag metadata addresses appearing in a saved bot configuration, so do not count on it as the primary control
# AWS CLI - Enforce IMDSv2 with hop limit of 1 for an existing EC2 instance
# (EKS node groups take these settings from their launch template's
# MetadataOptions; set them there as well so replacement nodes inherit them)
aws ec2 modify-instance-metadata-options \
--instance-id i-1234567890abcdef0 \
--http-tokens required \
--http-put-response-hop-limit 1 \
--http-endpoint enabled
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.