Remote Code Execution Vulnerability in Mintlify Platform
CVE-2025-67846

4.9 MEDIUM

Key Information:

Vendor: Mintlify
CVE Published: 19 December 2025

What is CVE-2025-67846?

The Deployment Infrastructure in the Mintlify Platform prior to November 15, 2025, is susceptible to remote code execution attacks. Attackers can bypass security patches implemented in the application by exploiting predictable deployment identifiers on the Vercel preview domain. By discerning the URL structure of previous, unpatched deployments, attackers can conduct downgrade attacks: directly accessing a specific git-ref or deployment-id subdomain forces the application to revert to and execute a vulnerable version.

Affected Version(s)

Mintlify Platform: all versions before 2025-11-15

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
