CVE-2025-67843

Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15

Description A Server-Side Template Injection (SSTI) flaw exists in the MDX Rendering Engine of Mintlify Platform. This issue allows remote attackers to execute arbitrary code through inline JSX expressions within an MDX file. The vulnerability is related to the processing of MDX files and the rendering of JSX expressions. SSTI occurs when user-supplied input is incorporated into a server-side template without proper sanitization, allowing an attacker to inject malicious code that is then executed by the server.

Recommendations Update Mintlify Platform to a version released on or after 2025-11-15.