CNNVD-202511-1548 Information

CNNVD ID

CNNVD-202511-1548

CVE-2025-64709

  • CNNVD Published: 2025-11-13

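Description (translated from Chinese)

Typebot is an open-source chatbot builder from individual developer Baptiste Arnaud. Versions of Typebot before 3.13.1 contain a code issue vulnerability. It stems from a server-side request forgery in the Typebot webhook block feature and may lead to extraction of AWS IAM credentials and complete takeover of the Kubernetes cluster.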

Description (English)

Typebot is an open-source chatbot builder developed by individual developer Baptiste Arnaud. Typebot versions before 3.13.1 have a code issue vulnerability caused by server-side request forgery (SSRF) in the Typebot webhook block, which could lead to the extraction of AWS IAM credentials and the complete takeover of the Kubernetes cluster.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Individual developer

Published

2025-11-13

Last Modified

2026-02-24

References

  • https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-8gq9-rw7v-3jpr
  • https://access.redhat.com/security/cve/cve-2025-64709

Patch

https://github.com/baptisteArno/typebot.io/releases
