CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-48985

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.6%

CVSS Severity

CVSS v3 Score 3.7

References

https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed
https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

Products affected by CVE-2025-48985

Vercel » Ai » Version: Any

cpe:2.3:a:vercel:ai:*
Vercel » Ai » Version: 5.1.0

cpe:2.3:a:vercel:ai:5.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-48985

Products

Pricing

Contact Us