PT-2025-25512 · Letta-Ai · Letta-Ai

Ybdesire · Published 2025-06-16 · Updated 2025-06-16 · CVE-2025-6101

CVSS v3.1: 5.5 Medium
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
letta-ai letta versions up to 0.4.1

Description
A critical issue has been found in the function function_message of the file letta/letta/interface.py. Manipulation of the arguments function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.

Recommendations
For versions up to 0.4.1, as a temporary workaround, consider disabling the function_message function until a patch is available. Restrict access to the letta/letta/interface.py file to minimize the risk of exploitation. Avoid using the function_name and function_args arguments in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · RCE · Code Injection · Eval Injection

Weakness Enumeration

Related Identifiers

CVE-2025-6101

Affected Products

Letta-Ai