CVE-2025-67842: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in Mintlify Mintlify Platform
The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site.
AI Analysis
Technical Summary
CVE-2025-67842 is a vulnerability in the Mintlify Platform's Static Asset API, affecting the platform before the patch date of November 15, 2025. The issue stems from the platform's handling of the 'subdomain' parameter, which allows any tenant's static assets to be served on any other tenant's documentation site. This cross-tenant asset serving is an inclusion of functionality from an untrusted control sphere (CWE-829) and lets remote attackers with limited privileges inject arbitrary web script or HTML. The vulnerability can be exploited remotely without user interaction but requires some level of privileges (PR:L), meaning the attacker must have authenticated access or tenant-level permissions. It partially compromises confidentiality and integrity: an attacker can execute script in the context of another tenant's documentation site, potentially leading to data leakage, session hijacking, or defacement. Availability is not affected. The CVSS v3.1 score is 6.4 (medium), reflecting the network attack vector, low attack complexity, required privileges, no user interaction, and a scope change due to the cross-tenant impact. No public exploits are known at this time and no official patch has been linked; the CVE was reserved and published in December 2025. The root cause is insufficient tenant isolation and improper validation of the subdomain parameter in the Static Asset API, which should enforce strict boundaries between tenants' assets.
Potential Impact
For European organizations using the Mintlify Platform, this vulnerability poses a risk of cross-tenant data exposure and integrity compromise. Attackers with limited privileges could inject malicious scripts into documentation sites of other tenants, potentially leading to unauthorized access to sensitive information, session hijacking, or manipulation of displayed content. This could undermine trust in documentation integrity and expose confidential technical or business information. The impact is particularly significant for organizations relying on Mintlify for internal or customer-facing documentation that includes sensitive or proprietary data. While availability is not affected, the breach of confidentiality and integrity could lead to compliance issues under GDPR, reputational damage, and potential financial losses. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, are at higher risk. The cross-tenant nature of the vulnerability increases the attack surface, making multi-tenant SaaS users more vulnerable to lateral attacks within the platform.
Mitigation Recommendations
To mitigate this vulnerability, organizations should ensure that Mintlify applies strict tenant isolation mechanisms in the Static Asset API, preventing any tenant's assets from being served on another tenant's documentation site. Validate and sanitize the 'subdomain' parameter rigorously to disallow unauthorized asset inclusion. Until an official patch is released, organizations should restrict access to the Mintlify Platform to trusted users only and monitor for unusual activity related to asset requests or script injections. Implement Content Security Policy (CSP) headers to limit the impact of potential script injections. Regularly audit and review tenant configurations and permissions to minimize privilege levels. If possible, isolate critical documentation environments from general user access and consider alternative documentation hosting solutions with stronger multi-tenant security guarantees. Stay updated with Mintlify's security advisories and apply patches promptly once available.
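The tenant-isolation fix described above, as an added example that is not Mintlify's code: it assumes the API receives the tenant in the Host header of the rendered docs site and an optional `subdomain` query parameter, and it puts the CWE-829 shape (the parameter alone selects whose assets are served) beside the hardened shape (the tenant is derived from Host and the parameter is only honoured when it matches). Domain, tenant names and asset paths are constructed for the demo.

```python
"""Tenant-bound static asset resolution: the CWE-829 shape beside the hardened one.
Added example, not Mintlify's code; BASE_DOMAIN, tenant names and assets are constructed."""
import posixpath
from typing import Optional, Tuple

BASE_DOMAIN = "docs.example.invalid"          # constructed placeholder domain
TENANT_ASSETS = {                              # constructed registry: tenant -> owned asset paths
    "acme": {"/logo.svg", "/custom.js"},
    "globex": {"/logo.svg"},
}

class AssetError(Exception): ...
class CrossTenant(AssetError): ...
class NotFound(AssetError): ...

def tenant_from_host(host: str) -> str:
    """Tenant = label in front of BASE_DOMAIN in the Host header: the site the
    browser is actually rendering, which the caller cannot pick via a query parameter."""
    label, dot, base = host.split(":", 1)[0].lower().partition(".")
    if not dot or base != BASE_DOMAIN or not label:
        raise NotFound("unknown host")
    return label

def lookup(tenant: str, path: str) -> str:
    norm = posixpath.normpath("/" + path)       # collapse ./ and ../ before the ownership check
    if norm not in TENANT_ASSETS.get(tenant, ()):
        raise NotFound("asset not found")
    return f"{tenant}:{norm}"

def resolve_vulnerable(host: str, subdomain: str, path: str) -> str:
    """Vulnerable shape: caller-supplied `subdomain` alone selects whose assets load on `host`."""
    return lookup(subdomain.lower(), path)

def resolve_hardened(host: str, subdomain: Optional[str], path: str) -> str:
    """Hardened shape: the tenant comes from Host; `subdomain` is honoured only
    when it names that same tenant, so no asset crosses the tenant boundary."""
    tenant = tenant_from_host(host)
    if subdomain is not None and subdomain.lower() != tenant:
        raise CrossTenant(f"refusing {subdomain!r} asset on {tenant!r} site")
    return lookup(tenant, path)

def serve(host: str, subdomain: Optional[str], path: str) -> Tuple[int, Optional[str]]:
    """HTTP-style outcome of the hardened resolver: (200, key), (403, None) or (404, None)."""
    try:
        return 200, resolve_hardened(host, subdomain, path)
    except CrossTenant:
        return 403, None
    except NotFound:
        return 404, None
```

A 403 from `serve` on a mismatched `subdomain` is also the event worth logging and alerting on while the platform patch is pending.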
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-12T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6944b7d24eb3efac36c40a44
Added to database: 12/19/2025, 2:26:26 AM
Last enriched: 12/26/2025, 4:15:33 AM
Last updated: 2/7/2026, 5:03:43 AM