Unrated severityNVD Advisory· Published Dec 19, 2025· Updated Dec 23, 2025
CVE-2025-67842
CVE-2025-67842
Description
The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2025-11-15+ 1 more
- (no CPE)range: <2025-11-15
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.