Unrated severityNVD Advisory· Published Sep 25, 2025· Updated Oct 28, 2025

Monkeytype Vulnerable to Self-XSS on loading saved custom text

CVE-2025-59838

Description

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0.

Affected products

Monkeytype/Monkeytypellm-fuzzy
Range: <=25.36.0
monkeytypegame/monkeytypev5
Range: < 25.44.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/monkeytypegame/monkeytype/commit/f025b121cbe437e29de432b4aa72e0de22c755b7mitrex_refsource_MISC
github.com/monkeytypegame/monkeytype/releases/tag/v25.44.0mitrex_refsource_MISC
github.com/monkeytypegame/monkeytype/security/advisories/GHSA-j4xx-fww5-774wmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000