CVE-2025-67843

HIGH8.3

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file

Published Dec 19, 2025

Modified 2 months ago

Details

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.

References

DETECTION

https://kibty.town/blog/mintlify/

WEB

https://news.ycombinator.com/item?id=46317098

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-67843

WEB

https://www.mintlify.com/blog/working-with-security-researchers-november-2025

WEB

https://www.mintlify.com/docs/changelog

CVSS Analysis