CVE-2025-67843

High CVSS: 8.3

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.

Vendor

Mintlify

Product

Mintlify

CWE

CWE-1336

Yayın Tarihi

2025-12-19 02:16:08

Güncelleme

2026-01-02 16:07:45

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-1336 Mintlify HIGH Mintlify 2025

Referanslar

https://kibty.town/blog/mintlify/ https://news.ycombinator.com/item?id=46317098 https://www.mintlify.com/blog/working-with-security-researchers-november-2025 https://www.mintlify.com/docs/changelog https://kibty.town/blog/mintlify/

Benzer Kayıtlar

Medium

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository…

Medium

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows rem…

Medium

CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches…

Medium

CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HT…