Directory Traversal Vulnerability in MJML by MJMLio
CVE-2025-67898

4.5MEDIUM

Key Information:

Vendor: Mjml
Status: Mjml
Vendor: CVE Published:; 14 December 2025

What is CVE-2025-67898?

MJML version 4.18.0 exposes a directory traversal vulnerability that allows attackers to test the existence of files and potentially read them, particularly in cases involving CSS files. This vulnerability arises from an incomplete resolution of a prior issue, which may lead to unauthorized access to sensitive information stored in the file system.

Affected Version(s)

MJML 0 <= 4.18.0

References

https://github.com/mjmlio/mjml/issues/3018

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2025
Vulnerability Reserved
Dec 14, 2025

JSON

Mjml

What is CVE-2025-67898?

Affected Version(s)

References

CVSS V3.1

Timeline