CVE-2025-48985

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-48985
A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

3.7 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed Patch
https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:*
cpe:2.3:a:vercel:ai:5.1.0:beta0:*:*:*:*:*:*
cpe:2.3:a:vercel:ai:5.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:vercel:ai:5.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:vercel:ai:5.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:vercel:ai:5.1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:vercel:ai:5.1.0:beta5:*:*:*:*:*:*
cpe:2.3:a:vercel:ai:5.1.0:beta6:*:*:*:*:*:*
cpe:2.3:a:vercel:ai:5.1.0:beta7:*:*:*:*:*:*
cpe:2.3:a:vercel:ai:5.1.0:beta8:*:*:*:*:*:*
History

No history.

Information

Published : 2025-11-07 01:15

Updated : 2026-02-04 21:11

NVD link : CVE-2025-48985

Mitre link : CVE-2025-48985

CVE.ORG link : CVE-2025-48985

JSON object : View

Products Affected

vercel

  • ai
CWE
CWE-20

Improper Input Validation