CNNVD-202511-1568 Information

CNNVD ID

CNNVD-202511-1568

CVE-2025-64706

  • CNNVD Published: 2025-11-13

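Description (translated from Chinese)

Typebot is an open-source chatbot builder developed by the individual developer Baptiste Arnaud. Typebot versions from 3.9.0 up to, but not including, 3.13.0 contain a security vulnerability. It stems from an insecure direct object reference in the API token management endpoints, which may lead to the deletion and retrieval of arbitrary users' API tokens.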

Description (English)

Typebot is an open-source chatbot builder developed by the individual developer Baptiste Arnaud. Typebot versions from 3.9.0 up to, but not including, 3.13.0 contain a security vulnerability. It is caused by an insecure direct object reference (IDOR) in the API token management endpoints, which may allow the deletion and retrieval of any user's API tokens.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-11-13

Last Modified

2026-02-24

References

  • https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-grx8-g27p-8hpp
  • https://access.redhat.com/security/cve/cve-2025-64706

Patch

https://github.com/baptisteArno/typebot.io/releases
