tawk.to Live Chat CVE-2025-45960
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Network-reachable stored XSS, no authentication to inject payload, victim must render content (UI:R), scope changes to victim's browser origin enabling cross-site impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper input validation or encoding
AnalysisAI
Stored cross-site scripting in tawk.to Live Chat 1.6.1 allows unauthenticated remote attackers to inject persistent JavaScript payloads via the chat widget, which execute in the browsers of support agents or site administrators who view the tainted transcripts. The CVSS 3.1 Scope:Changed metric confirms the injected script executes in the victim's browser origin, enabling session hijacking or credential theft against the hosting site - not merely the chat platform. A public proof-of-concept is available on GitHub; no CISA KEV listing exists and EPSS sits at 0.43% (35th percentile), indicating low current mass-exploitation but a meaningful attacker-accessible entry point given the lowered skill bar from the POC.
Technical ContextAI
tawk.to Live Chat is a customer support chat widget embedded as a third-party script on websites across many industries. CWE-79 (Improper Neutralization of Input During Web Page Generation) in its stored variant means visitor-submitted chat messages are persisted server-side without sanitization and later rendered to authenticated dashboard users without output encoding. The CPE string cpe:2.3:a:tawk:tawk.to:*:*:*:*:*:*:*:* uses a wildcard version range, indicating NVD has not bounded affected versions beyond the reported 1.6.1. The CVSS S:C (Scope Changed) is the critical technical signal here: because the malicious script runs in the victim agent's browser session, it operates in the context of the hosting site's domain - not a sandboxed tawk.to subdomain - enabling cross-origin attacks against the site operator's authenticated session.
RemediationAI
No vendor-released patch or official advisory was identified in the available reference data - the only public reference is the researcher's GitHub repository at https://github.com/pracharapol/CVE-2025-45960. Operators should monitor tawk.to's official changelog and update to any version released after 1.6.1 that addresses input sanitization. As a compensating control, implement a strict Content Security Policy (CSP) header on the hosting site with a script-src directive restricted to known trusted origins; note this may require tuning to avoid breaking the tawk.to widget's own legitimate JavaScript. Additionally, restricting dashboard access to specific IP ranges reduces the exposure window for agent-side payload execution. Do not rely on client-side input filters as the sole defense, as these can be bypassed via direct HTTP requests.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today