CVE-2025-67845
MEDIUMMintlify < 2025-11-15 - Path Traversal
Title source: ruleDescription
A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.
References (5)
Scores
CVSS v3
6.4
EPSS
0.0014
EPSS Percentile
34.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Classification
CWE
CWE-24
Status
published
Affected Products (1)
mintlify/mintlify
< 2025-11-15
Timeline
Published
Dec 19, 2025
Tracked Since
Feb 18, 2026