Improper Input Handling in Monkeytype Typing Test Application
CVE-2025-66563

7.1HIGH

Key Information:

Vendor: Monkeytypegame
Status: Monkeytype
Vendor: CVE Published:; 4 December 2025

🔔 Create Monkeytypegame Vulnerability Alert

What is CVE-2025-66563?

The Monkeytype Typing Test application experiences vulnerabilities due to inadequate handling of user input in versions 25.49.0 and earlier. Attackers can exploit this weakness by submitting malicious quotes containing HTML tags. When these quotes are displayed, the application inserts them directly into the DOM without sufficient validation, leading to potential execution of harmful JavaScript on user sessions. This issue emphasizes the importance of rigorous input sanitation to prevent cross-site scripting (XSS) attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

monkeytype <= 25.49.0

References

https://github.com/monkeytypegame/monkeytype/security/adv...

x_refsource_CONFIRM

https://github.com/monkeytypegame/monkeytype/commit/d6d06...

x_refsource_MISC

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Dec 4, 2025

JSON

Monkeytypegame