What is CVE-2025-64706?

CVE-2025-64706 is a medium-severity vulnerability in Baptistearno Typebot.io, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 5.0/10. Published 2025-11-13.

How severe is CVE-2025-64706?

Medium severity. CVSS v3 base score is 5.0 out of 10.

Auth bypass in Baptistearno Typebot.io

CVE-2025-64706

Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (14.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Baptistearno Typebot.io — versions >= 3.9.0, < 3.13.0

Weakness classification (CWE)

References

https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-grx8-g27p-8hpp (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-64706?: CVE-2025-64706 is a medium-severity vulnerability in Baptistearno Typebot.io, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 5.0/10. Published 2025-11-13.
How severe is CVE-2025-64706?: Medium severity. CVSS v3 base score is 5.0 out of 10.