CVE-2025-67843
8.3HIGHA Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in
Publicado: 12/19/2025Atualizado: 1/2/2026
Descrição
A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.
Análise IADesenvolvido por IA
Produtos Afetados
mintlifymintlify
Referências
- https://kibty.town/blog/mintlify/ExploitThird Party Advisory
- https://news.ycombinator.com/item?id=46317098Issue Tracking
- https://www.mintlify.com/blog/working-with-security-researchers-november-2025Vendor Advisory
- https://www.mintlify.com/docs/changelogRelease Notes
- https://kibty.town/blog/mintlify/ExploitThird Party Advisory