exploitDog

CVE-2025-67843

Опубликовано: 19 дек. 2025

Источник: nvd

CVSS3: 8.3

CVSS3: 9.8

EPSS Низкий

Описание

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.

Ссылки

https://kibty.town/blog/mintlify/
Exploit
Third Party Advisory
https://news.ycombinator.com/item?id=46317098
Issue Tracking
https://www.mintlify.com/blog/working-with-security-researchers-november-2025
Vendor Advisory
https://www.mintlify.com/docs/changelog
Release Notes
https://kibty.town/blog/mintlify/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mintlify:mintlify:*:*:*:*:*:*:*:*

Версия до 2025-11-15 (исключая)

EPSS

Процентиль: 58%

0.00361

Низкий

8.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-1336

Связанные уязвимости

GHSA-6p6p-x42g-j3hv

CVSS3: 8.3

github

около 2 месяцев назад

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.

EPSS

Процентиль: 58%

0.00361

Низкий

8.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-1336