How to hack Discord, Vercel and more with one easy trick
a day ago
- #vulnerability
- #documentation
- #security
- Mintlify is a B2B SaaS documentation platform used by companies like Discord, Vercel, and Cursor.
- Discovered a Remote Code Execution (RCE) vulnerability (CVE-2025-67843) in Mintlify's MDX rendering, allowing server-side code execution.
- Exploited the RCE to exfiltrate sensitive data including environment variables and app files.
- Identified a Targeted XSS vulnerability (CVE-2025-67842) via static asset routes, enabling 1-click XSS on customer domains.
- Bypassed the initial patch for the Targeted XSS using URL-encoded path traversal (CVE-2025-67845).
- Found additional non-critical vulnerabilities: GitHub IDOR (CVE-2025-67844) and Downgrade Attack (CVE-2025-67846).
- Impact included potential supply chain attacks on major companies, defacement, XSS, and repository access.
- Mintlify swiftly patched all vulnerabilities and awarded a $5,000 bounty for the findings.
- Collaborated with researchers Hackermon and MDL, who independently discovered similar vulnerabilities.
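
The patch bypass through URL-encoded path traversal listed above belongs to a general class of bug: a path is validated before it has been fully decoded. The following is an added example, not code from Mintlify or from the original write-up; the asset prefix, function names and sample paths are assumptions constructed for illustration. It shows a check on the raw path next to one that canonicalizes first and checks second.

```javascript
// Added example: static-asset path guard that survives URL-encoded traversal.
// ASSET_PREFIX is a hypothetical root the route is allowed to serve from.
const ASSET_PREFIX = "/_assets/site-a/";

// Weak check: inspects the raw path only, so an encoded "../" ("%2e%2e%2f")
// passes and is decoded later by whatever component serves the file.
function naiveIsAllowed(rawPath) {
  return rawPath.startsWith(ASSET_PREFIX) && !rawPath.includes("../");
}

// Decode until the value stops changing, so double encoding (%252e)
// cannot hide a dot segment. Returns null on malformed or runaway input.
function fullyDecode(rawPath, maxRounds = 5) {
  let current = rawPath;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      return null; // malformed percent escape
    }
    if (next === current) return current;
    current = next;
  }
  return null; // still changing after maxRounds: reject
}

// Hardened check: decode, reject backslashes and NUL bytes, resolve dot
// segments, then compare the canonical path against the allowed prefix.
function canonicalAssetPath(rawPath) {
  const decoded = fullyDecode(rawPath);
  if (decoded === null || /[\\\0]/.test(decoded)) return null;
  const out = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null; // climbs above the root
      out.pop();
      continue;
    }
    out.push(seg);
  }
  const canonical = "/" + out.join("/");
  return canonical.startsWith(ASSET_PREFIX) ? canonical : null;
}
```

Decoding to a fixed point is deliberately conservative: a file name containing a literal percent sign is rejected rather than guessed at. The canonical path returned by the guard, not the raw request path, is what should be passed to the file or storage lookup.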