CVE-2025-67842_CVE-2025-67842

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Description

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site.

Basic Information

ID CVE-2025-67842

Source mitre

Published Dec 19, 2025 at 00:00

Modified Dec 19, 2025 at 01:45

Affected Product

Vendor Mintlify

Product Mintlify Platform

Affected Versions Mintlify Mintlify Platform 0

CWE Classification

CWE-829

References

{
    "lastseen": "",
    "description": "The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site.",
    "published": "2025-12-19T00:00:00.000Z",
    "modified": "2025-12-19T01:45:01.033Z",
    "type": "cve",
    "title": "CVE-2025-67842",
    "source": "mitre",
    "references": "https://www.mintlify.com/docs/changelog\nhttps://www.mintlify.com/blog/working-with-security-researchers-november-2025\nhttps://kibty.town/blog/mintlify/\nhttps://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28\nhttps://news.ycombinator.com/item?id=46317098",
    "id": "CVE-2025-67842",
    "bulletinFamily": "",
    "cwe": [
        "CWE-829"
    ],
    "cvelist": null,
    "sourceData": "Mintlify Mintlify Platform 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mintlify Platform",
    "version": "0",
    "vendor": "Mintlify",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}