CVE-2025-67898

CVSS v3.1

4.5

Vector

AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions MJML versions through 4.18.0

Description The software contains a directory traversal flaw within the

mj-include

functionality. This allows an attacker to check for the existence of files and, in cases where the type is set to "css", read files. This issue stems from an incomplete resolution of a previously identified problem.

Recommendations Update to a version beyond 4.18.0.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-36

Related Identifiers

CVE-2025-67898

Affected Products

Mjml

CVE-2025-67898

Weakness Enumeration

Related Identifiers

Affected Products

References · 6