Platform: nodejs
Component: xataio/xata-agent
Fixed in: 0.1.1, 0.2.1, 0.3.1
CVE-2025-6283 is a path traversal vulnerability in Xata Agent affecting versions from 0.1 up to and including 0.3.0. It allows an attacker to reach files outside the directory the application intends to expose. The issue is resolved by upgrading to version 0.3.1; the fixing commit is 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc.
The vulnerability lets an attacker manipulate file paths supplied to Xata Agent, potentially gaining access to sensitive data or, if the files reached contain executable content that the application runs, arbitrary code execution. Successful exploitation could disclose configuration files, database credentials, or other critical information. Although the CVSS score is LOW, the potential for data exposure and the ease of exploitation warrant prompt attention, and the impact is larger when Xata Agent is deployed in a production environment with sensitive data.
This vulnerability is publicly disclosed and has a LOW CVSS score. No public proof-of-concept exploits have been identified at the time of writing. The vulnerability was published on 2025-06-19. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.17% (38th percentile)
The primary mitigation for CVE-2025-6283 is to upgrade Xata Agent to version 0.3.1 or later, which contains the fixing commit (03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc). If an immediate upgrade is not feasible, restrict file access within the Xata Agent environment as a temporary measure, and review and tighten file permissions so that a successful attack can reach as little as possible. After upgrading, confirm the fix by requesting a file outside the intended directory; the request should be denied.
Update Xata Agent to version 0.3.1 or higher to correct the path traversal vulnerability. The package can be updated with npm or yarn as appropriate.
CVE-2025-6283 is a path traversal vulnerability affecting Xata Agent versions 0.1 through 0.3.1 that allows an attacker to read files they are not authorized to access.
If you run Xata Agent versions 0.1 to 0.3.1, you are affected. Upgrade to version 0.3.1 to mitigate the risk.
Upgrade Xata Agent to version 0.3.1 or later. The fixing commit is 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc.
As of the current assessment, there are no confirmed reports of active exploitation of CVE-2025-6283.
Refer to the Xata Agent release notes and security advisories on the Xata website for details about this vulnerability and the corresponding fix.