CVE-2025-64709
📋 TL;DR
This SSRF vulnerability in Typebot's HTTP Request (webhook) block lets an authenticated user make arbitrary HTTP requests from the Typebot server, including to the AWS Instance Metadata Service (IMDS) at 169.254.169.254. Because the block forwards caller-chosen headers and request methods, the IMDSv2 token handshake can be completed through it (the "header injection" bypass the advisory describes), so IMDSv2 alone does not stop credential theft: the IAM credentials of the EC2 or EKS node role can be read and then used against the Kubernetes cluster and the surrounding AWS account. All Typebot instances running versions before 3.13.1 with the webhook functionality enabled are affected.
💻 Affected Systems
- Typebot
📦 What is this software?
Typebot by Typebot: an open-source chatbot and conversational-form builder (https://github.com/baptisteArno/typebot.io). Its HTTP Request block lets bot authors call external APIs from the server, which is the request primitive this vulnerability abuses.
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of Kubernetes cluster and associated AWS infrastructure through stolen IAM credentials, leading to data exfiltration, resource hijacking, and lateral movement across cloud environments.
Likely Case
Extraction of AWS IAM credentials from EKS node roles, enabling unauthorized access to cloud resources and potential data breaches.
If Mitigated
If IMDS is unreachable from the Typebot workload (hop limit 1, or host-level blocking of the metadata address) and egress is restricted, the impact drops to reconnaissance of whatever internal HTTP services the Typebot server can still reach.
🎯 Exploit Status
Exploitation requires an authenticated Typebot account but nothing more: the HTTP Request block is a normal bot-building feature, and once a user can edit a bot the server-side request is straightforward to trigger. Because the block passes through caller-chosen headers and the request method, the IMDSv2 handshake (a PUT to /latest/api/token with an X-aws-ec2-metadata-token-ttl-seconds header, then GETs carrying the returned token) can be performed through it, which is why IMDSv2 on its own does not protect the node credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.13.1
Vendor Advisory: https://github.com/baptisteArno/typebot.io/security/advisories/GHSA-8gq9-rw7v-3jpr
Restart Required: Yes
Instructions:
1. Update Typebot to version 3.13.1 or later (container image tag, Helm chart or compose file, depending on the deployment).
2. Restart the Typebot service so the new build is the one serving requests.
3. Verify the update: the running instance should report version 3.13.1 or higher, and a test HTTP Request block pointed at http://169.254.169.254/latest/meta-data/ should no longer reach the metadata service.
🔧 Temporary Workarounds
Disable webhook functionality
Temporarily disable the HTTP Request (webhook) block until the update can be applied. This removes the server-side request primitive entirely, at the cost of any bots that depend on it.
Restrict IMDS access
Security groups and network ACLs do not apply to the link-local metadata address (169.254.169.254, and fd00:ec2::254 for IPv6), so they cannot block IMDS. Use the instance metadata options instead: require IMDSv2 tokens and set the PUT response hop limit to 1, so the token response is dropped before it reaches a pod or container that sits one network hop away from the host. Disabling the endpoint outright (--http-endpoint disabled) also works, but it breaks anything on the node that needs IMDS, including the EKS node bootstrap and the VPC CNI, so it is only an option for hosts that run nothing else.
aws ec2 modify-instance-metadata-options --instance-id <instance-id> --http-tokens required --http-put-response-hop-limit 1
The hop limit does not help if Typebot runs in the host network namespace (hostNetwork or a host-networked container); in that case block 169.254.169.254 for the Typebot process with a host firewall rule, or move it into a pod without hostNetwork.
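The following is an added example, not Typebot's or AWS's code: it audits the metadata options of every instance in the JSON that `aws ec2 describe-instances` returns and reports which ones still expose IMDS to a containerised Typebot (IMDSv1 allowed, or hop limit above 1). The sample input and the instance IDs are constructed; in practice pipe the real CLI output into `audit()`.

```python
"""Audit EC2 MetadataOptions for IMDS exposure to containerised workloads.
Added example (not Typebot/AWS code). Input is the JSON shape produced by
`aws ec2 describe-instances`; the sample below is constructed."""
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0aaa", "MetadataOptions": {
            "State": "applied", "HttpTokens": "optional",
            "HttpPutResponseHopLimit": 2, "HttpEndpoint": "enabled"}},
        {"InstanceId": "i-0bbb", "MetadataOptions": {
            "State": "applied", "HttpTokens": "required",
            "HttpPutResponseHopLimit": 2, "HttpEndpoint": "enabled"}},
        {"InstanceId": "i-0ccc", "MetadataOptions": {
            "State": "applied", "HttpTokens": "required",
            "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled"}},
        {"InstanceId": "i-0ddd", "MetadataOptions": {
            "State": "applied", "HttpTokens": "required",
            "HttpPutResponseHopLimit": 1, "HttpEndpoint": "disabled"}},
    ]}]
})


def assess(meta):
    """Return the list of findings for one instance's MetadataOptions block."""
    findings = []
    if meta.get("HttpEndpoint") == "disabled":
        # Nothing is reachable; note that this also breaks EKS node components.
        return findings
    if meta.get("HttpTokens") != "required":
        findings.append("IMDSv1 enabled: a plain GET from the SSRF reads credentials")
    if meta.get("HttpPutResponseHopLimit", 1) > 1:
        findings.append("hop limit > 1: IMDSv2 token reachable from pods/containers")
    return findings


def audit(describe_instances_json):
    """Map InstanceId -> findings for every instance that still exposes IMDS."""
    data = json.loads(describe_instances_json)
    report = {}
    for reservation in data["Reservations"]:
        for inst in reservation["Instances"]:
            findings = assess(inst.get("MetadataOptions", {}))
            if findings:
                report[inst["InstanceId"]] = findings
    return report


def remediation_command(instance_id):
    """CLI command that enforces IMDSv2 and blocks one-hop (containerised) clients."""
    return ("aws ec2 modify-instance-metadata-options --instance-id "
            f"{instance_id} --http-tokens required --http-put-response-hop-limit 1")


if __name__ == "__main__":
    for iid, findings in audit(SAMPLE_DESCRIBE_INSTANCES).items():
        print(iid)
        for f in findings:
            print("  -", f)
        print("  fix:", remediation_command(iid))
```

Run it against real output with `aws ec2 describe-instances --output json | python audit_imds.py` after replacing the constant with `sys.stdin.read()`. An instance with tokens required and hop limit 1 produces no finding, which is the target state for EKS worker nodes that host Typebot pods.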
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Typebot instances from AWS metadata services
- Enforce least privilege IAM roles and regularly rotate credentials
🔍 How to Verify
Check if Vulnerable:
Check the running Typebot version in the admin interface or in the deployment configuration (image tag, Helm values or compose file). Any version below 3.13.1 is vulnerable when the HTTP Request block is enabled.
Check Version:
Read the version from the Typebot admin dashboard or from the deployment manifest; on Kubernetes, the image tag of the running pods is the authoritative value, not the tag in a checked-in manifest.
Verify Fix Applied:
Confirm the running version is 3.13.1 or higher, then exercise the fix from a test bot: point an HTTP Request block at http://169.254.169.254/latest/meta-data/, at a hostname you control that resolves to 169.254.169.254, and at a loopback or RFC 1918 address. None of these should produce a response from the internal target. Independently of the application fix, confirm from inside the Typebot pod or container that a PUT to http://169.254.169.254/latest/api/token receives no answer once the node's hop limit is 1.
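To make the "restricted URLs" test concrete, here is an added reference check, not Typebot's own fix: it encodes the property a patched instance should enforce (every address a webhook target resolves to must be public, and the IMDS endpoints must be unreachable) and a list of probe URLs covering the usual bypass spellings. The resolver is injectable so the block runs offline; `_FAKE_DNS`, the probe hostnames and the answers in it are constructed.

```python
"""Reference egress check for webhook targets plus a probe list for testing a
patched instance. Added example, not Typebot code. The DNS table is constructed."""
import ipaddress
import socket
from urllib.parse import urlsplit

# AWS IMDS endpoints (IPv4 and IPv6).
IMDS_HOSTS = {"169.254.169.254", "fd00:ec2::254"}


def is_blocked_ip(ip_text):
    """True for any address a webhook must never be allowed to reach."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 -> 169.254.169.254
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or str(ip) in IMDS_HOSTS)


def system_resolver(host):
    """Resolve with the OS resolver; returns every A/AAAA answer."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def check_webhook_target(url, resolver=system_resolver):
    """Return (allowed, reason). Every resolved address must pass is_blocked_ip."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, no DNS needed
    except ValueError:
        try:
            addrs = resolver(host)  # hex/decimal forms also end up here
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    for addr in addrs:
        if is_blocked_ip(addr):
            return False, f"{host} -> {addr} is not a public address"
    return True, f"{host} -> {','.join(addrs)}"


# Constructed DNS answers standing in for the real resolver during an offline run.
_FAKE_DNS = {
    "hooks.example.com": ["8.8.8.8"],                    # constructed public answer
    "metadata.attacker.example": ["169.254.169.254"],    # attacker DNS -> IMDS
    "0xa9fea9fe": ["169.254.169.254"],                   # how libc parses the hex form
    "2852039166": ["169.254.169.254"],                   # decimal form of the IMDS IP
    "rebind.attacker.example": ["8.8.8.8", "10.0.0.5"],  # mixed public/private answers
}


def fake_resolver(host):
    if host in _FAKE_DNS:
        return list(_FAKE_DNS[host])
    raise OSError(f"NXDOMAIN {host}")


# Probe URLs to feed to a patched instance's HTTP Request block.
PROBES = [
    "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
    "http://[fd00:ec2::254]/latest/meta-data/",
    "http://[::ffff:169.254.169.254]/latest/api/token",
    "http://metadata.attacker.example/latest/api/token",
    "http://0xa9fea9fe/latest/meta-data/",
    "http://2852039166/latest/meta-data/",
    "http://rebind.attacker.example/",
    "http://127.0.0.1:3000/api/",
    "http://10.0.0.5/",
    "file:///etc/passwd",
    "https://hooks.example.com/typebot",
]


def run_probes(resolver=fake_resolver):
    """Map each probe URL to (allowed, reason); only the last probe should pass."""
    return {url: check_webhook_target(url, resolver) for url in PROBES}


if __name__ == "__main__":
    for url, (ok, why) in run_probes().items():
        print("ALLOW" if ok else "BLOCK", url, "-", why)
```

Two caveats for anyone turning this into production code: validating and then connecting by hostname leaves a DNS-rebinding window, so connect to the address that was validated (or re-check at connect time), and every redirect hop needs the same check because the metadata service can be reached through a 302 from a public host.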
📡 Detection & Monitoring
Log Indicators:
- Outbound requests from the Typebot server whose destination is 169.254.169.254, fd00:ec2::254 (the IMDS IPv6 endpoint) or a hostname that resolves there, or whose path starts with /latest/meta-data/ or /latest/api/token
- A PUT to /latest/api/token carrying X-aws-ec2-metadata-token-ttl-seconds, followed within seconds by GETs from the same user carrying X-aws-ec2-metadata-token: the IMDSv2 handshake performed through the webhook block
- Bursts of rejected or failing webhook requests from one user to loopback, RFC 1918 or link-local addresses (target enumeration)
- In CloudTrail, the node role's credentials used from a source IP outside the VPC, or for API calls the node never makes (a general AWS indicator of stolen instance credentials, not specific to Typebot)
Network Indicators:
- Connections from Typebot pods or hosts to 169.254.169.254 or fd00:ec2::254; with the hop limit set to 1 these should not complete at all
- Webhook requests to internal addresses, especially with custom headers aimed at internal services
SIEM Query:
source="typebot" AND (dest_ip="169.254.169.254" OR dest_ip="fd00:ec2::254" OR url="*/latest/meta-data/*" OR url="*/latest/api/token*")
Matching on the Typebot user agent alone is not useful, since every legitimate webhook carries it; match on the destination and path instead.
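The SIEM pattern above only matches single events. The added example below (not Typebot's code, and not a query from the advisory) runs the same indicators over constructed egress-log lines and additionally correlates the IMDSv2 handshake per user, so a PUT for a token followed by token-bearing GETs is reported as one higher-confidence alert. The log shape (JSON lines with ts, user, method, url, headers) and the sample records are constructed; adapt `parse_log` to whatever your egress proxy or application logs actually emit.

```python
"""Detection logic for IMDS access through an SSRF, run over constructed logs.
Added example, not Typebot code. Log shape and records below are constructed."""
import json
from urllib.parse import urlsplit

IMDS_HOSTS = {"169.254.169.254", "fd00:ec2::254"}
IMDS_PATHS = ("/latest/meta-data", "/latest/api/token", "/latest/dynamic", "/latest/user-data")
TOKEN_PATH = "/latest/api/token"

# Constructed egress-log sample: one JSON record per outbound webhook request.
SAMPLE_LOG = """\
{"ts": 100, "user": "u1", "method": "POST", "url": "https://hooks.example.com/typebot", "headers": {}}
{"ts": 101, "user": "u2", "method": "PUT", "url": "http://169.254.169.254/latest/api/token", "headers": {"X-aws-ec2-metadata-token-ttl-seconds": "21600"}}
{"ts": 103, "user": "u2", "method": "GET", "url": "http://169.254.169.254/latest/meta-data/iam/security-credentials/", "headers": {"X-aws-ec2-metadata-token": "AQAE..."}}
{"ts": 104, "user": "u2", "method": "GET", "url": "http://169.254.169.254/latest/meta-data/iam/security-credentials/eks-node-role", "headers": {"X-aws-ec2-metadata-token": "AQAE..."}}
{"ts": 200, "user": "u3", "method": "GET", "url": "http://metadata.internal.example/latest/meta-data/", "headers": {}}
{"ts": 300, "user": "u4", "method": "GET", "url": "http://[fd00:ec2::254]/latest/meta-data/", "headers": {}}
"""


def parse_log(text):
    """Parse JSON lines and return the records ordered by timestamp."""
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(records, key=lambda r: r["ts"])


def is_imds_request(url):
    """Match on the IMDS endpoints or on metadata paths at any host
    (a hostname under attacker control may resolve to IMDS)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host in IMDS_HOSTS or parts.path.startswith(IMDS_PATHS)


def detect(log_text, window=60):
    """Return (kind, user, url) alerts. kind is 'imds_request' for any single
    hit, 'imdsv2_handshake' when a token-bearing request follows that user's
    token PUT within `window` seconds."""
    alerts = []
    pending = {}  # user -> ts of the most recent IMDSv2 token request
    for rec in parse_log(log_text):
        headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
        user, url, ts = rec["user"], rec["url"], rec["ts"]
        if is_imds_request(url):
            alerts.append(("imds_request", user, url))
        path = urlsplit(url).path
        if (rec["method"].upper() == "PUT" and path == TOKEN_PATH
                and "x-aws-ec2-metadata-token-ttl-seconds" in headers):
            pending[user] = ts
        elif ("x-aws-ec2-metadata-token" in headers and user in pending
              and ts - pending[user] <= window):
            alerts.append(("imdsv2_handshake", user, url))
    return alerts


if __name__ == "__main__":
    for kind, user, url in detect(SAMPLE_LOG):
        print(f"{kind:17} user={user} {url}")
```

The path-based match is what catches u3, whose request goes to a hostname rather than the literal IMDS address; the handshake correlation is what separates u2 (an active credential theft) from a single stray probe.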