What is CVE-2025-65098?

CVE-2025-65098 is a high-severity vulnerability in Baptistearno Typebot.io, classified under Cross-site Scripting. CVSS score: 7.4/10. Published 2026-01-22.

How severe is CVE-2025-65098?

High severity. CVSS v3 base score is 7.4 out of 10.

XSS in Baptistearno Typebot.io

CVE-2025-65098

Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (5.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N.

Affected products

Baptistearno Typebot.io — versions < 3.13.2

Weakness classification (CWE)

References

https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-4xc5-wfwc-jw47 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-65098?: CVE-2025-65098 is a high-severity vulnerability in Baptistearno Typebot.io, classified under Cross-site Scripting. CVSS score: 7.4/10. Published 2026-01-22.
How severe is CVE-2025-65098?: High severity. CVSS v3 base score is 7.4 out of 10.