PT-2025-51175 · Mjml · Mjml

Published: 2025-12-14 · Updated: 2025-12-15 · CVE-2025-67898

CVSS v3.1: 4.5 (Medium)
Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
MJML versions through 4.18.0

Description
The software contains a directory traversal flaw within the mj-include functionality. This allows an attacker to check for the existence of files and, in cases where the type is set to "css", read files. This issue stems from an incomplete resolution of a previously identified problem.

Recommendations
Update to a version beyond 4.18.0.
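
For pipelines that render MJML templates from authors they do not fully trust, a pre-render audit can flag mj-include paths that resolve outside an allowed template root. This is an added example, not MJML's code or its fix; the function names, the sample template and the /srv/mail paths are constructed, and paths are assumed to be POSIX-style.

```javascript
// Added example (not MJML code): flag mj-include paths that leave an allowed root.
const INCLUDE_TAG = /<mj-include\b([^>]*)>/gi;
const ATTR = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;

// Collapse "." and ".." segments of an absolute POSIX-style path.
function normalize(absPath) {
  const out = [];
  for (const seg of absPath.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// True only when target is the root itself or sits below it. Comparing against
// root + '/' keeps a sibling such as /srv/mail/templates-old from passing.
function isInside(root, target) {
  return target === root || target.startsWith(root === '/' ? '/' : root + '/');
}

// Returns one finding per mj-include whose path resolves outside allowedRoot.
// templateFile and allowedRoot are absolute paths.
function auditIncludes(mjmlSource, templateFile, allowedRoot) {
  const root = normalize(allowedRoot);
  const baseDir = normalize(templateFile + '/..'); // directory of the template
  const findings = [];
  for (const tag of mjmlSource.matchAll(INCLUDE_TAG)) {
    const attrs = {};
    for (const m of tag[1].matchAll(ATTR)) attrs[m[1].toLowerCase()] = m[2] ?? m[3];
    if (!attrs.path) continue;
    const p = attrs.path;
    const resolved = normalize(p.startsWith('/') ? p : baseDir + '/' + p);
    if (!isInside(root, resolved)) {
      findings.push({ path: p, type: attrs.type || '(default)', resolved });
    }
  }
  return findings;
}

// Constructed sample template: one in-root include, two that escape the root.
const SAMPLE = `<mjml><mj-body>
  <mj-include path="./partials/header.mjml" />
  <mj-include path="../../config/app.env" type="css" />
  <mj-include path='/srv/mail/templates/../private/notes.txt' />
</mj-body></mjml>`;

console.log(auditIncludes(SAMPLE, '/srv/mail/templates/welcome.mjml', '/srv/mail/templates'));
```

The check compares path strings only and does not follow symlinks, so it complements the update recommended above and does not replace it.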

Related Identifiers

CVE-2025-67898
GHSA-45H5-66JX-R2WF

Affected Products

Mjml