CVE-2025-67898

Published December 14th, 2025

View on NVD ↗

CVSS v3

4.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

mjmlio/mjml

MJML: the only framework that makes responsive-email easy

GitHub

18.1K