CVE-2025-67845

MEDIUM6.4

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences

Published Dec 19, 2025

Modified 2 months ago

Details

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.

References

WEB

https://heartbreak.ing/

WEB

https://kibty.town/blog/mintlify/

WEB

https://news.ycombinator.com/item?id=46317098

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-67845

WEB

https://www.mintlify.com/blog/working-with-security-researchers-november-2025

WEB