exploitDog

CVE-2025-67845

Опубликовано: 19 дек. 2025

Источник: nvd

CVSS3: 6.4

CVSS3: 5.4

EPSS Низкий

Описание

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.

Ссылки

https://heartbreak.ing/
Third Party Advisory
https://kibty.town/blog/mintlify/
Exploit
Third Party Advisory
https://news.ycombinator.com/item?id=46317098
Issue Tracking
https://www.mintlify.com/blog/working-with-security-researchers-november-2025
Vendor Advisory
https://www.mintlify.com/docs/changelog
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mintlify:mintlify:*:*:*:*:*:*:*:*

Версия до 2025-11-15 (исключая)

EPSS

Процентиль: 26%

0.00091

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-24

Связанные уязвимости

GHSA-g5pm-7qx6-f2hg

CVSS3: 6.4

github

около 2 месяцев назад

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.

EPSS

Процентиль: 26%

0.00091

Низкий

6.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-24