Mintlify, a documentation platform, was recently scrutinized for several severe security vulnerabilities. The author, motivated by Discord's switch to Mintlify, explored how the platform handles MDX files for documentation. They discovered a remote code execution vulnerability (CVE-2025-67843) that allowed them to execute arbitrary code on Mintlify's servers. With a simple payload, they accessed sensitive environment variables and application files, leading to potential mass cross-site scripting (XSS) attacks on multiple customer domains, including Discord and Vercel. The investigation revealed a targeted XSS vulnerability (CVE-2025-67842) that enabled the author to craft URLs capable of executing JavaScript in users' browsers. This was particularly alarming as it could compromise tokens stored in local storage. Further attempts to exploit the platform exposed a patch bypass (CVE-2025-67845), where the author could still access sensitive assets through path traversal techniques. Other non-critical vulnerabilities included improper validation of GitHub repository access (CVE-2025-67844) and a downgrade attack (CVE-2025-67846) that could leverage old, vulnerable deployments. Mintlify responded quickly to the findings, implementing patches that restricted MDX parsing, enforced organization-based asset access, and enhanced security checks against path traversal. The author received a $5,000 reward for their efforts. The vulnerabilities posed significant risks to companies relying on Mintlify, highlighting the importance of rigorous security practices in software development and deployment.