CVE-2025-48985

low

Description

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

References

https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed

Details

Source: Mitre, NVD

Published: 2025-11-07

Updated: 2025-11-07

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Low

EPSS

EPSS: 0.00029