CVE-2025-67846

Medium CVSS: 4.9

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that contains unpatched vulnerabilities. By browsing directly to the specific git-ref or deployment-id subdomain, the attacker can force the application to load the vulnerable version.

Vendor

Mintlify

Product

Mintlify

CWE

CWE-472

Yayın Tarihi

2025-12-19 02:16:09

Güncelleme

2026-01-02 15:46:16

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-472 Mintlify MEDIUM Mintlify 2025

Referanslar

https://kibty.town/blog/mintlify/ https://news.ycombinator.com/item?id=46317098 https://www.mintlify.com/blog/working-with-security-researchers-november-2025 https://www.mintlify.com/docs/changelog

Benzer Kayıtlar

Medium

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository…

Medium

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows rem…

Medium

CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HT…

High

CVE-2025-67843

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15…