CVE-2025-67842

Medium CVSS: 6.4

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site.

Vendor

Mintlify

Product

Mintlify

CWE

CWE-829

Yayın Tarihi

2025-12-19 02:16:08

Güncelleme

2026-01-02 16:01:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-829 Mintlify MEDIUM Mintlify 2025

Referanslar

https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28 https://heartbreak.ing https://kibty.town/blog/mintlify/ https://news.ycombinator.com/item?id=46317098 https://www.mintlify.com/blog/working-with-security-researchers-november-2025 https://www.mintlify.com/docs/changelog https://kibty.town/blog/mintlify/

Benzer Kayıtlar

Medium

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository…

Medium

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows rem…

Medium

CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches…

High

CVE-2025-67843

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15…