PT-2025-52406 · Unknown · Mintlify Platform

Dan

+2

·

Publicado

2025-12-18

·

Atualizado

2026-01-02

·

CVE-2025-67845

CVSS v3.1

6.4

Média

VetorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15
Description A directory traversal issue exists in the Static Asset Proxy Endpoint. This allows remote attackers to inject arbitrary web script or HTML through a specially crafted URL containing path traversal sequences. The endpoint vulnerable to this issue is the /static asset proxy endpoint. The vulnerability involves manipulating the URL to access files outside the intended directory.
Recommendations Update Mintlify Platform to version 2025-11-15 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-24

Identificadores relacionados

CVE-2025-67845

Produtos afetados

Mintlify Platform