CVE-2025-67846

MEDIUM

Mintlify Platform <2025-11-15 - Auth Bypass

Title source: llm

Description

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that contains unpatched vulnerabilities. By browsing directly to the specific git-ref or deployment-id subdomain, the attacker can force the application to load the vulnerable version.

References (4)

Scores

CVSS v3 4.9
EPSS 0.0006
EPSS Percentile 19.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Classification

CWE
CWE-472
Status published

Affected Products (1)

mintlify/mintlify < 2025-11-15

Timeline

Published Dec 19, 2025
Tracked Since Feb 18, 2026