Low severityNVD Advisory· Published Nov 7, 2025· Updated Dec 1, 2025
CVE-2025-48985
CVE-2025-48985
Description
A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.
More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ainpm | < 5.0.52 | 5.0.52 |
ainpm | >= 5.1.0-beta.0, < 5.1.0-beta.9 | 5.1.0-beta.9 |
Affected products
9- osv-coords8 versionspkg:apk/chainguard/kibana-8.19pkg:apk/chainguard/kibana-8.19-bitnamipkg:apk/chainguard/kibana-8.19-iamguardedpkg:apk/chainguard/kibana-9.1pkg:apk/chainguard/kibana-9.1-iamguardedpkg:apk/chainguard/kibana-9.2pkg:apk/chainguard/kibana-9.2-iamguardedpkg:npm/ai
< 8.19.9-r0+ 7 more
- (no CPE)range: < 8.19.9-r0
- (no CPE)range: < 8.19.9-r0
- (no CPE)range: < 8.19.9-r0
- (no CPE)range: < 9.1.9-r0
- (no CPE)range: < 9.1.9-r0
- (no CPE)range: < 9.2.3-r0
- (no CPE)range: < 9.2.3-r0
- (no CPE)range: < 5.0.52
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.