CVE-2025-67845

Medium CVSS: 6.4

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.

Vendor

Mintlify

Product

Mintlify

CWE

CWE-24

Yayın Tarihi

2025-12-19 02:16:09

Güncelleme

2026-01-02 15:52:40

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-24 Mintlify MEDIUM Mintlify 2025

Referanslar

https://heartbreak.ing/ https://kibty.town/blog/mintlify/ https://news.ycombinator.com/item?id=46317098 https://www.mintlify.com/blog/working-with-security-researchers-november-2025 https://www.mintlify.com/docs/changelog

Benzer Kayıtlar

Medium

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository…

Medium

CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches…

Medium

CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HT…

High

CVE-2025-67843

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15…