PT-2025-40606 · Mastra · Mastra

Lirantal · Published 2025-09-24 · Updated 2025-10-03 · CVE-2025-61685

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Mastra versions 0.13.8 through 0.13.20-alpha.0

Description: Mastra, a TypeScript framework for building AI agents and assistants, is susceptible to a Directory Traversal issue. The framework includes a security check intended to prevent path traversal when reading file contents, but this check is bypassed by subsequent logic used to find directory suggestions. This allows an attacker to list the contents of arbitrary directories on the user's filesystem, potentially exposing sensitive information about the filesystem's structure, including the user's home directory.

Recommendations: Update to version 0.13.20 or later.
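The bug class described above, as an added illustration that is not Mastra's code and does not reproduce its implementation: a constructed `readVulnerable` guards the file read with a containment check but derives the "suggestions" directory from the raw request without re-checking it, while `readFixed` passes every user-derived path through the same check. The sandbox directories, file names and helper names (`resolveInside`, `demo`) are all assumptions made for this example.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

type Result = { content?: string; suggestions?: string[] };

// Resolve `requested` against `root` and return the absolute path only if it
// cannot escape `root`; otherwise return null.
export function resolveInside(root: string, requested: string): string | null {
  const base = path.resolve(root);
  const target = path.resolve(base, requested);
  const rel = path.relative(base, target);
  if (rel === "") return target;
  if (path.isAbsolute(rel) || rel.split(path.sep)[0] === "..") return null;
  return target;
}

// Vulnerable pattern (constructed, not Mastra's code): the read is guarded, but
// the fallback that builds "did you mean" suggestions lists the parent directory
// of the raw request without re-applying the guard, so a request that fails the
// read still gets an arbitrary directory listed.
export function readVulnerable(root: string, requested: string): Result {
  const safe = resolveInside(root, requested);
  if (safe && fs.existsSync(safe)) return { content: fs.readFileSync(safe, "utf8") };
  const dir = path.resolve(root, path.dirname(requested)); // unchecked
  return { suggestions: fs.existsSync(dir) ? fs.readdirSync(dir).sort() : [] };
}

// Hardened form: every path derived from user input, including the suggestion
// directory, must pass the same containment check before touching the filesystem.
export function readFixed(root: string, requested: string): Result {
  const safe = resolveInside(root, requested);
  if (safe && fs.existsSync(safe)) return { content: fs.readFileSync(safe, "utf8") };
  const dir = resolveInside(root, path.dirname(requested));
  return { suggestions: dir && fs.existsSync(dir) ? fs.readdirSync(dir).sort() : [] };
}

// Constructed sandbox: `root` holds docs/readme.md; a sibling directory outside
// `root` holds secret.txt. Returns what each variant answers for a traversal
// request naming a missing file in the sibling directory, plus an in-root miss.
export function demo(): { vulnerable: Result; fixed: Result; inRoot: Result } {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "example-root-"));
  const outside = fs.mkdtempSync(path.join(os.tmpdir(), "example-outside-"));
  fs.mkdirSync(path.join(root, "docs"));
  fs.writeFileSync(path.join(root, "docs", "readme.md"), "hello");
  fs.writeFileSync(path.join(outside, "secret.txt"), "shh");
  const traversal = path.join("..", path.basename(outside), "missing.txt");
  return {
    vulnerable: readVulnerable(root, traversal),
    fixed: readFixed(root, traversal),
    inRoot: readFixed(root, path.join("docs", "missing.md")),
  };
}
```

The fix reduces to one rule: a containment check on the requested file proves nothing about other paths computed from the same input, so each derived path gets its own check.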

Related Identifiers

CVE-2025-61685
GHSA-XH92-RQRQ-227V

Affected Products

Mastra