Data Exposure in GitHub Integration API on Mintlify Platform
CVE-2025-67844

5MEDIUM

Key Information:

Vendor: Mintlify
Status: Mintlify Platform
Vendor: CVE Published:; 19 December 2025

What is CVE-2025-67844?

The GitHub Integration API in the Mintlify Platform prior to the November 15, 2025 update contains a security weakness allowing remote attackers to access sensitive metadata related to repositories. This occurs due to inadequate validation of the repository owner and name fields, which can be manipulated to obtain information from repositories that do not belong to the user's organization. This vulnerability highlights the importance of proper authentication mechanisms in API integrations.

Affected Version(s)

Mintlify Platform 0 < 2025-11-15

References

https://www.mintlify.com/docs/changelog

https://www.mintlify.com/blog/working-with-security-resea...

https://kibty.town/blog/mintlify/

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2025
Vulnerability Reserved
Dec 12, 2025

JSON