External Control of Assumed-Immutable Web Parameter

CVE-2025-67846

Severity Medium
Score 4.9/10

Summary

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that contains unpatched vulnerabilities. By browsing directly to the specific git-ref or deployment-id subdomain, the attacker can force the application to load the vulnerable version.

  • Attack Complexity: HIGH
  • Attack Vector: NETWORK
  • Privileges Required: LOW
  • Scope: CHANGED
  • User Interaction: NONE
  • Confidentiality: LOW
  • Integrity: LOW
  • Availability: NONE

CWE-472 - External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
