Directory Traversal Vulnerability in Mastra Framework by Mastra AI
CVE-2025-61685

6.5 MEDIUM

Key Information:

Vendor: Mastra-ai
Status: Vendor
CVE Published: 3 October 2025

What is CVE-2025-61685?

The Mastra framework contains a Directory Traversal vulnerability that allows an attacker to obtain unauthorized directory listings. The cause is flawed logic in the security checks meant to prevent path traversal, which can be bypassed during the directory suggestion process. An attacker can use this to reveal the contents of arbitrary directories on the victim's filesystem, including sensitive information stored in the user's home directory. Users of versions 0.13.8 to 0.13.20-alpha.0 should upgrade to version 0.13.20 to mitigate this risk.

Affected Version(s)

mastra <= 0.13.8, < 0.13.20

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
