A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.
More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk
References
Configurations
Configuration 1 (hide)
|
History
04 Feb 2026, 21:11
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Vercel
Vercel ai |
|
| References | () https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed - Patch | |
| References | () https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk - Vendor Advisory | |
| CPE | cpe:2.3:a:vercel:ai:5.1.0:beta3:*:*:*:*:*:* cpe:2.3:a:vercel:ai:5.1.0:beta7:*:*:*:*:*:* cpe:2.3:a:vercel:ai:5.1.0:beta5:*:*:*:*:*:* cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:* cpe:2.3:a:vercel:ai:5.1.0:beta8:*:*:*:*:*:* cpe:2.3:a:vercel:ai:5.1.0:beta0:*:*:*:*:*:* cpe:2.3:a:vercel:ai:5.1.0:beta1:*:*:*:*:*:* cpe:2.3:a:vercel:ai:5.1.0:beta2:*:*:*:*:*:* cpe:2.3:a:vercel:ai:5.1.0:beta4:*:*:*:*:*:* cpe:2.3:a:vercel:ai:5.1.0:beta6:*:*:*:*:*:* |
Information
Published : 2025-11-07 01:15
Updated : 2026-02-04 21:11
NVD link : CVE-2025-48985
Mitre link : CVE-2025-48985
CVE.ORG link : CVE-2025-48985
JSON object : View
Products Affected
vercel
- ai
CWE
CWE-20
Improper Input Validation