Input Validation Bypass in Vercel AI SDK
CVE-2025-48985

3.7LOW

Key Information:

Vendor: Vercel
Status: Ai Sdk
Vendor: CVE Published:; 7 November 2025

What is CVE-2025-48985?

A vulnerability exists in Vercel’s AI SDK that may enable attackers to bypass filetype whitelists during file uploads. This flaw could potentially allow unauthorized file uploads, leading to security risks for affected systems. Users are strongly advised to upgrade to the newly released versions 5.0.52, 5.1.0-beta.9, or 6.0.0-beta to mitigate this threat and secure their applications. For comprehensive information about this issue, please refer to the Vercel changelog.

Affected Version(s)

AI SDK 5.0.51

AI SDK 5.1.0-beta.8

AI SDK 6.0.0-beta.*

References

https://github.com/vercel/ai/commit/930399bb9839a8baf3d34...

https://vercel.com/changelog/cve-2025-48985-input-validat...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2025
Vulnerability Reserved
May 29, 2025

JSON