CVE-2025-67842
MEDIUMDescription
The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site.
Is your site exposed to CVE-2025-67842?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mintlify | mintlify |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-67842? +
How severe is CVE-2025-67842? +
What products are affected by CVE-2025-67842? +
How do I check if I'm vulnerable to CVE-2025-67842? +
Related Vulnerabilities
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota plugin add` and `kiota plugin generate` (with …
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, `kiota info` read x-ms-kiota-info.languagesInformation.<language>.dependencyInstallCommand plus dependency name and …
conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the …
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, …
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an …
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those …