CVE-2025-67898: MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827

December 15, 2025 (updated December 17, 2025)

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type=“css” case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

References

github.com/advisories/GHSA-45h5-66jx-r2wf
github.com/mjmlio/mjml
github.com/mjmlio/mjml/issues/3018
nvd.nist.gov/vuln/detail/CVE-2020-12827
nvd.nist.gov/vuln/detail/CVE-2025-67898

Code Behaviors & Features

Detect and mitigate CVE-2025-67898 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →