{"data":{"id":"8cc8330f-fc1a-4faf-a805-4642a7efc423","title":"CVE-2025-61685: Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to directory traversal.","summary":"Mastra (a TypeScript framework for building AI agents and assistants) versions 0.13.8 through 0.13.20-alpha.0 have a directory traversal vulnerability: an attacker can bypass security checks to list files and folders in any directory on a user's computer, potentially exposing sensitive information. The flaw exists because the code tries to prevent path traversal (unauthorized access to files through manipulated file paths) when reading files, but a separate part of the code, the one that suggests directories, can be exploited to work around this protection.","solution":"This issue is fixed in version 0.13.20.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-61685","publishedAt":"2025-10-03T23:15:29.870Z","cveId":"CVE-2025-61685","cweIds":["CWE-548"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Mastra"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0038,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}