CVE-2025-67844_CVE-2025-67844

5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Description

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.

Basic Information

ID CVE-2025-67844

Source mitre

Published Dec 19, 2025 at 00:00

Modified Dec 19, 2025 at 01:59

Affected Product

Vendor Mintlify

Product Mintlify Platform

Affected Versions Mintlify Mintlify Platform 0

CWE Classification

CWE-425

References

{
    "lastseen": "",
    "description": "The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.",
    "published": "2025-12-19T00:00:00.000Z",
    "modified": "2025-12-19T01:59:24.834Z",
    "type": "cve",
    "title": "CVE-2025-67844",
    "source": "mitre",
    "references": "https://www.mintlify.com/docs/changelog\nhttps://www.mintlify.com/blog/working-with-security-researchers-november-2025\nhttps://kibty.town/blog/mintlify/\nhttps://news.ycombinator.com/item?id=46317098",
    "id": "CVE-2025-67844",
    "bulletinFamily": "",
    "cwe": [
        "CWE-425"
    ],
    "cvelist": null,
    "sourceData": "Mintlify Mintlify Platform 0",
    "sourceHref": "",
    "cvss": {
        "score": 5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mintlify Platform",
    "version": "0",
    "vendor": "Mintlify",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}