- Description
- The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- CNA Tags
- exclusively-hosted-service
- Products
- mintlify
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- cve@mitre.org
- CWE-425
- Hype score
- Not currently trending
CVE-2025-67844 The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fi… https://t.co/ycTw4XErjL
@CVEnew
19 Dec 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Redacted by Counsel: A supply chain postmortem on CVE-2025-67842, CVE-2025-67843, CVE-2025-67844, CVE-2025-67845 and CVE-2025-67846 https://t.co/As3XCuqQVI
@MDLcsgo
18 Dec 2025
3979 Impressions
2 Retweets
12 Likes
8 Bookmarks
0 Replies
0 Quotes
CVE-2025-67842 CVE-2025-67843 CVE-2025-67844 CVE-2025-67845 CVE-2025-67846 w/ @hackermondev, @MDLcsgo
@xyz3va
13 Dec 2025
15713 Impressions
14 Retweets
273 Likes
70 Bookmarks
14 Replies
3 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mintlify:mintlify:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E599124-4B00-4D5C-ADB5-EC4564D3E5BF",
"versionEndExcluding": "2025-11-15"
}
],
"operator": "OR"
}
]
}
]