CVE-2025-61685
The CVE concerns Mastra (Typescript framework) with vulnerable versions 0.13.8–0.13.20-alpha.0, where a Directory Traversal flaw affects the MCP server package @mastra/mcp-docs-server. The issue stems from bypassable path-traversal checks in readMdxContent combined with a flawed execute path that...