CVE-2025-48985

Low CVSS: 3.7

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.

More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

Vendor

Vercel

Product

CWE

CWE-20

Yayın Tarihi

2025-11-07 01:15:36

Güncelleme

2026-02-04 21:11:11

Source Identifier

support@hackerone.com

KEV Date Added

Kategoriler

CWE-20 Ai LOW Vercel 2025

Referanslar

https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

Benzer Kayıtlar

Medium

CVE-2026-29057

Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 1…

Medium

CVE-2026-27979

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 1…

Medium

CVE-2026-27980

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 1…

Medium

CVE-2026-27978

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 1…

Low

CVE-2026-27977

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 1…

Medium

CVE-2025-59472

A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in min…