Unrated severityNVD Advisory· Published Dec 19, 2025· Updated Dec 19, 2025

CVE-2025-67844

Description

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.

Affected products

Mintlify/Mintlify Platformllm-fuzzy
Mintlify/Mintlify Platformv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kibty.town/blog/mintlify/mitre
news.ycombinator.com/itemmitre
www.mintlify.com/blog/working-with-security-researchers-november-2025mitre
www.mintlify.com/docs/changelogmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000