Cyber Posture

CVE-2025-67843

Severity: High · Public PoC available

Published: 19 December 2025
Modified: 02 January 2026
KEV Added:
Patch:
CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0054 (67.8th percentile)
Risk Priority: 17 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Directly remediates the SSTI flaw in the MDX Rendering Engine by deploying Mintlify Platform version 2025-11-15 or later, as specified in vendor advisories.
- prevent: Prevents arbitrary code execution by validating and sanitizing inline JSX expressions in user-supplied MDX files prior to server-side rendering.
- prevent: Mitigates the vulnerability by enforcing secure configuration settings for the MDX Rendering Engine to disable or restrict unsafe template evaluation features.

Security Summary [AI-generated]

CVE-2025-67843 is a Server-Side Template Injection (SSTI) vulnerability, classified under CWE-1336, affecting the MDX Rendering Engine in the Mintlify Platform prior to version 2025-11-15. It enables remote attackers to execute arbitrary code by injecting inline JSX expressions into an MDX file. The vulnerability carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L), indicating high severity due to its network accessibility, low attack complexity, and potential for high confidentiality and integrity impacts with low availability disruption.

Attackers with low privileges, such as authenticated users on the Mintlify Platform, can exploit this vulnerability remotely without user interaction. By crafting malicious inline JSX expressions within an MDX file, they achieve arbitrary code execution on the server, potentially leading to data breaches, modification of platform content, or limited denial-of-service effects.

Mitigation details are available in vendor advisories, including Mintlify's changelog at https://www.mintlify.com/docs/changelog and their blog post on working with security researchers at https://www.mintlify.com/blog/working-with-security-researchers-november-2025. Security practitioners should ensure deployment of Mintlify Platform version 2025-11-15 or later to address the issue, as earlier versions remain vulnerable. Additional analysis appears in references such as https://kibty.town/blog/mintlify/ and Hacker News discussion at https://news.ycombinator.com/item?id=46317098.

Details

CWE(s): CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine)

Affected Products

Vendor: mintlify
Product: mintlify
Versions: ≤ 2025-11-15

MITRE ATT&CK Enterprise Techniques [AI-generated]

- T1221 Template Injection (tactic: Stealth): Adversaries may create or modify references in user document templates to conceal malicious code or force authentication attempts.
- T1190 Exploit Public-Facing Application (tactic: Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

CVE-2025-67843 is explicitly a Server-Side Template Injection (SSTI) vulnerability, directly enabling T1221: Template Injection for arbitrary code execution via injected JSX in MDX files. As a high-severity flaw in a network-accessible web platform exploitable by low-privilege authenticated users, it also facilitates T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References