CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://kibty.town/blog/mintlify/	Exploit Third Party Advisory
https://news.ycombinator.com/item?id=46317098	Issue Tracking
https://www.mintlify.com/blog/working-with-security-researchers-november-2025	Vendor Advisory
https://www.mintlify.com/docs/changelog	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:mintlify:mintlify:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-12-19 02:16

Updated : 2026-01-02 16:10

NVD link : CVE-2025-67844

Mitre link : CVE-2025-67844

CVE.ORG link : CVE-2025-67844

JSON object : View

Products Affected

mintlify

mintlify

CWE

CWE-425

Direct Request ('Forced Browsing')

{"id": "CVE-2025-67844", "cveTags": [{"tags": ["exclusively-hosted-service"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-12-19T02:16:09.147", "references": [{"url": "https://kibty.town/blog/mintlify/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://news.ycombinator.com/item?id=46317098", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://www.mintlify.com/blog/working-with-security-researchers-november-2025", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.mintlify.com/docs/changelog", "tags": ["Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-425"}]}], "descriptions": [{"lang": "en", "value": "The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization."}], "lastModified": "2026-01-02T16:10:46.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mintlify:mintlify:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E599124-4B00-4D5C-ADB5-EC4564D3E5BF", "versionEndExcluding": "2025-11-15"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}