{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-48985","assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","state":"PUBLISHED","assignerShortName":"hackerone","dateReserved":"2025-05-29T15:00:04.775Z","datePublished":"2025-11-07T00:43:28.027Z","dateUpdated":"2025-12-01T20:12:57.508Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.\r\n\r\nMore details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk"}],"affected":[{"vendor":"Vercel","product":"AI SDK","versions":[{"version":"5.0.51","status":"affected","lessThanOrEqual":"5.0.51","versionType":"semver"},{"version":"6.0.0-beta.*","status":"unaffected","lessThan":"6.0.0-beta.*","versionType":"semver"},{"version":"5.1.0-beta.8","status":"affected","lessThanOrEqual":"5.1.0-beta.8","versionType":"semver"},{"version":"5.1.0-beta.9","status":"unaffected","lessThan":"5.1.0-beta.9","versionType":"semver"},{"version":"5.0.52","status":"unaffected","lessThan":"5.0.52","versionType":"semver"}]}],"references":[{"url":"https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed"},{"url":"https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW"}}],"providerMetadata":{"orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone","dateUpdated":"2025-11-07T00:43:28.027Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-20","lang":"en","description":"CWE-20 Improper Input Validation"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-07T18:35:11.407430Z","id":"CVE-2025-48985","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-01T20:12:57.508Z"}}]}}