CVE-2025-12245 | chatwoot up to 4.7.0 Widget IFrameHelper.js initPostMessageCommunication baseUrl origin validation
A vulnerability was found in chatwoot up to 4.7.0. It has been classified as problematic. It affects the function initPostMessageCommunication in the file app/javascript/sdk/IFrameHelper.js of the component Widget. Manipulating the argument baseUrl leads to an origin validation error.
This vulnerability is referenced as CVE-2025-12245. The attack can be launched remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
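The advisory names the weakness class (an origin validation error in a postMessage listener tied to baseUrl) but not the faulty check itself. As an added illustration that is not Chatwoot's code, the block below contrasts a prefix-style origin comparison with an exact comparison against the origin parsed from baseUrl; every function name and sample origin is hypothetical and constructed for this example.

```javascript
// Added illustration of the weakness class; not code from Chatwoot.
// All names below are hypothetical.

// Weak pattern: string-prefix comparison. It accepts look-alike hosts and
// rejects the legitimate origin when baseUrl carries a path.
function weakOriginCheck(eventOrigin, baseUrl) {
  return eventOrigin.startsWith(baseUrl);
}

// Derive the one origin the listener should trust from the configured baseUrl.
function expectedOrigin(baseUrl) {
  let url;
  try {
    url = new URL(baseUrl);
  } catch {
    return null; // unparsable configuration: trust nothing
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.origin; // scheme + host + port, no path
}

// Strict check: exact equality with the parsed origin.
function isTrustedOrigin(eventOrigin, baseUrl) {
  const expected = expectedOrigin(baseUrl);
  return expected !== null && typeof eventOrigin === 'string' && eventOrigin === expected;
}

// Wrap a message handler so it only sees data from the trusted origin.
// Returns true when the message was delivered, false when it was dropped.
function guardMessageHandler(baseUrl, handler) {
  return function onMessage(event) {
    if (!isTrustedOrigin(event.origin, baseUrl)) return false;
    handler(event.data);
    return true;
  };
}

// Constructed sample values (not taken from the advisory).
const BASE_URL = 'https://chat.example.com';
const SAMPLE_ORIGINS = [
  'https://chat.example.com',                  // legitimate widget origin
  'https://chat.example.com.attacker.example', // look-alike host sharing the prefix
  'http://chat.example.com',                   // scheme downgrade
  'null',                                      // opaque origin (sandboxed frame)
];

function classify(origins, baseUrl) {
  return origins.map((origin) => ({ origin, weak: weakOriginCheck(origin, baseUrl), strict: isTrustedOrigin(origin, baseUrl) }));
}
```

In a browser the guard would be registered with `window.addEventListener('message', guardMessageHandler(baseUrl, handler))`.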