Vulnerabilities

CVE-2025-67842

by Fred · 19/12/2025

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant’s assets can be served on any other tenant’s documentation site.

More information : https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28

Similar

Tags: Cybersecurity Alert