Login Sign Up

CVE-2025-67843

8.3 HIGH
Remote Code Execution

📋 TL;DR

This Server-Side Template Injection vulnerability in Mintlify's MDX Rendering Engine allows attackers to execute arbitrary code by injecting malicious JSX expressions in MDX files. It affects all Mintlify Platform instances before November 15, 2025. Attackers can achieve remote code execution on affected systems.

💻 Affected Systems

Products:
  • Mintlify Platform
Versions: All versions before 2025-11-15
Operating Systems: All platforms running Mintlify
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any Mintlify instance processing MDX files with inline JSX expressions.

📦 What is this software?

Mintlify by Mintlify

View all CVEs affecting Mintlify →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the server, data exfiltration, lateral movement, and persistent backdoor installation.

🟠

Likely Case

Remote code execution leading to data theft, service disruption, and potential deployment of malware or ransomware.

🟢

If Mitigated

Limited impact with proper input validation and sandboxing, potentially only causing denial of service or limited data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires uploading or injecting malicious MDX content with JSX expressions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions from 2025-11-15 onward

Vendor Advisory: https://www.mintlify.com/blog/working-with-security-researchers-november-2025

Restart Required: Yes

Instructions:

1. Update Mintlify Platform to version dated 2025-11-15 or later. 2. Restart the Mintlify service. 3. Verify the update was successful.

🔧 Temporary Workarounds

Disable MDX file uploads

all

Temporarily block MDX file uploads or processing until patching is complete.

Configure web server/WAF to block .mdx file uploads

Input validation filter

all

Implement strict validation to reject MDX files containing JSX expressions.

Implement regex filter: /<[^>]*>/ to detect JSX

🧯 If You Can't Patch

  • Implement strict WAF rules to block MDX file uploads containing JSX patterns
  • Isolate Mintlify instances in network segments with limited access

🔍 How to Verify

Check if Vulnerable:

Check Mintlify version date - if before 2025-11-15, system is vulnerable.

Check Version:

Check Mintlify admin panel or deployment logs for version information

Verify Fix Applied:

Verify Mintlify version is 2025-11-15 or later and test MDX processing with safe content.

📡 Detection & Monitoring

Log Indicators:

  • Unusual MDX file uploads
  • JSX expression patterns in logs
  • Unexpected process execution

Network Indicators:

  • Suspicious file uploads to MDX endpoints
  • Outbound connections from Mintlify to unknown destinations

SIEM Query:

source="mintlify" AND (file_extension=".mdx" OR content CONTAINS "<" AND ">")

📊 Metadata

CVE ID: CVE-2025-67843
CVSS v3 Score: 8.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CWE: CWE-1336
EPSS Score: 0.36% exploit probability (57.7th percentile)
Published: December 19, 2025
Last Updated: January 2, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-67843, you might also want to check these:

CVE-2025-46661 10.0

CVE-2025-46661 is an unauthenticated remote code execution vulnerability in IPW Systems Metazo throu...

Same vulnerability type (CWE-1336)
CVE-2025-47916 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary PHP code on Invision...

Same vulnerability type (CWE-1336)
CVE-2024-12583 9.9

The Dynamics 365 Integration plugin for WordPress has a Server-Side Template Injection vulnerability...

Same vulnerability type (CWE-1336)