Medium Published: Dec 14, 2025

CVE-2025-67898

4.5 CVSS Score Medium

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

Export CVE-2025-67898 Data:

Link copied!

Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

CVSS Vector Details

Attack Vector Local

Attack Complexity High

Privileges Required None

User Interaction None

Scope Changed

Confidentiality Low

Integrity None

Availability Low

Weaknesses (CWE)

CWE-36

References & External Links

https://github.com/mjmlio/mjml/issues/3018

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker