CVE-2025-67845

Summary

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.

Affected Software

VendorProductVersion RangeStatus
MintlifyMintlify Platform0 < 2025-11-15affected

Weaknesses

  • CWE-24: CWE-24 Path Traversal: '../filedir'

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References