
CVE-2025-61685: CWE-548: Exposure of Information Through Directory Listing in mastra-ai mastra

Medium
Type: Vulnerability
Tags: cve-2025-61685, cve, cwe-548
Published: Fri Oct 03 2025 (10/03/2025, 22:37:09 UTC)
Source: CVE Database V5
Vendor/Project: mastra-ai
Product: mastra

Description

Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file contents, but this check is effectively bypassed by subsequent logic that attempts to find directory suggestions. An attacker can leverage this flaw to list the contents of arbitrary directories on the user's filesystem, including the user's home directory, exposing sensitive information about the file system's structure. This issue is fixed in version 0.13.20.

AI-Powered Analysis

AI analysis last updated: 10/04/2025, 00:10:25 UTC

Technical Analysis

CVE-2025-61685 is a medium-severity vulnerability affecting the mastra-ai mastra framework, specifically versions 0.13.8 through 0.13.20-alpha.0. Mastra is a TypeScript framework designed for building AI agents and assistants. The vulnerability arises from an incomplete implementation of directory traversal protection. Although the code includes a security check intended to prevent path traversal when reading file contents, this check is bypassed by subsequent logic that attempts to provide directory suggestions. This flaw allows an attacker to perform a directory listing attack, enumerating the contents of arbitrary directories on the user's filesystem, including sensitive locations such as the user's home directory. The exposure of directory listings can reveal critical information about the file system structure, potentially aiding further attacks such as targeted exploitation or social engineering. Notably, the vulnerability does not allow modification or deletion of files, nor does it require user interaction, but it does require some level of privileges (PR:L) on the system to exploit remotely (AV:N). The vulnerability has a CVSS v3.1 base score of 6.5, reflecting a medium severity level, with a high impact on confidentiality but no impact on integrity or availability. The issue is resolved in version 0.13.20 of the mastra framework. There are no known exploits in the wild at this time, but the vulnerability is publicly disclosed and should be addressed promptly to prevent potential information leakage.
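The bug class in the description and the analysis above, as an added illustration that is not Mastra's code: a containment check guards the file read, but the "did you mean" fallback lists the parent of the unchecked path, so the listing escapes the intended root. The fixed variant routes every path that reaches the filesystem, including the directory listed for suggestions, through the same check. The in-memory `FS` map, `ROOT`, and the function names are constructed for the example.

```typescript
import * as path from "path";

// Constructed in-memory filesystem standing in for real disk access so the
// example runs offline; absolute POSIX paths map to file text or dir entries.
const FS: Record<string, string | string[]> = {
  "/app/docs": ["readme.md"],
  "/app/docs/readme.md": "hello",
  "/home/alice": [".ssh", "notes.txt"],
};
const ROOT = "/app/docs"; // the only directory the API is meant to expose

type Result = { content?: string; suggestions?: string[]; error?: string };

// Containment check: true only if absPath equals ROOT or lies beneath it.
// Testing the first segment (rather than startsWith("..")) avoids rejecting
// a legitimate entry whose name merely begins with "..".
export function isWithinRoot(absPath: string): boolean {
  const rel = path.posix.relative(ROOT, absPath);
  return rel === "" || rel.split("/")[0] !== "..";
}

// Vulnerable shape (hypothetical, not Mastra's code): the read is guarded,
// but the suggestion fallback lists the parent of the unchecked resolved path.
export function readFileVulnerable(userPath: string): Result {
  const resolved = path.posix.resolve(ROOT, userPath);
  if (isWithinRoot(resolved) && typeof FS[resolved] === "string") {
    return { content: FS[resolved] as string };
  }
  const entries = FS[path.posix.dirname(resolved)]; // no containment check here
  return Array.isArray(entries)
    ? { error: "not found", suggestions: entries }
    : { error: "not found" };
}

// Fixed shape: the directory listed for suggestions passes the same check,
// and a rejected path gets the same generic error as a missing file.
export function readFileFixed(userPath: string): Result {
  const resolved = path.posix.resolve(ROOT, userPath);
  if (!isWithinRoot(resolved)) return { error: "not found" };
  if (typeof FS[resolved] === "string") return { content: FS[resolved] as string };
  const dir = path.posix.dirname(resolved);
  if (!isWithinRoot(dir)) return { error: "not found" }; // "." resolves to ROOT, whose parent is outside
  const entries = FS[dir];
  return Array.isArray(entries)
    ? { error: "not found", suggestions: entries }
    : { error: "not found" };
}
```

On a real filesystem, canonicalise with `fs.realpath` before the containment check so a symlink inside `ROOT` cannot point the listing elsewhere.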

Potential Impact

For European organizations using the mastra-ai mastra framework in affected versions, this vulnerability poses a significant risk to confidentiality. Exposure of directory listings can reveal sensitive file system structures, configuration files, user data, or other information that could facilitate further attacks such as privilege escalation, lateral movement, or targeted phishing campaigns. Organizations in sectors with high data sensitivity, such as finance, healthcare, and government, could face increased risk if attackers leverage this vulnerability to gain insights into internal systems. Since the vulnerability requires some level of privileges, it is particularly concerning in environments where multiple users or services operate with elevated permissions. The lack of impact on integrity and availability reduces the risk of direct system disruption, but the information disclosure alone can have serious consequences for compliance with data protection regulations like GDPR, potentially leading to legal and reputational damage. Additionally, AI-driven applications built on mastra may be part of critical business workflows, so information leakage could indirectly affect operational security.

Mitigation Recommendations

European organizations should immediately upgrade all instances of the mastra framework to version 0.13.20 or later, where the vulnerability is fixed. Until the upgrade can be performed, organizations should restrict access to systems running vulnerable versions by implementing strict network segmentation and access controls to limit exposure to trusted users only. Conduct thorough audits of user privileges to ensure that only necessary accounts have the level of access required to exploit this vulnerability. Employ runtime application self-protection (RASP) or web application firewalls (WAFs) with custom rules to detect and block suspicious directory traversal attempts targeting mastra-based applications. Additionally, monitor logs for unusual directory listing requests or access patterns that could indicate exploitation attempts. Educate developers and system administrators about secure coding practices related to path traversal and directory access to prevent similar issues in future deployments. Finally, perform regular vulnerability scans and penetration tests focusing on directory traversal and information disclosure vectors in AI frameworks and related components.


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-09-29T20:25:16.182Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68e065e211971642e8580b76

Added to database: 10/4/2025, 12:10:10 AM

Last enriched: 10/4/2025, 12:10:25 AM

Last updated: 10/4/2025, 1:08:41 AM

