CVE-2025-67846
Deployment ID Predictability Enables Downgrade Attacks in Mintlify
Publication date: 2025-12-19
Last updated on: 2025-12-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mintlify | platform | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-472 | The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Mintlify Platform's Deployment Infrastructure allows remote attackers to bypass security patches by exploiting predictable deployment identifiers on the Vercel preview domain. Attackers can find URLs of previous deployments that have unpatched vulnerabilities and access those older, vulnerable versions by navigating to specific git-ref or deployment-id subdomains, effectively forcing the application to load a downgraded, insecure version.
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute downgrade attacks, causing the application to run older, vulnerable versions. This can lead to partial compromise of confidentiality and integrity of the system, as indicated by the CVSS score, potentially exposing sensitive data or allowing unauthorized changes without affecting availability.