CVE-2025-67898

Medium CVSS: 4.5

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Vendor

Product

CWE

CWE-36

Yayın Tarihi

2025-12-14 22:15:36

Güncelleme

2025-12-15 18:22:13

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-36 MEDIUM 2025

Referanslar

https://github.com/mjmlio/mjml/issues/3018