PT-2025-45397 · Vercel · Vercel Ai Sdk
Published: 2025-11-07 · Updated: 2025-12-29 · CVE-2025-48985
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Vercel AI SDK versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta
Description
A flaw exists in Vercel’s AI SDK that could allow users to bypass filetype whitelists during file uploads. This bypass could potentially lead to unauthorized file uploads.
Recommendations
Upgrade to Vercel AI SDK version 5.0.52.
Upgrade to Vercel AI SDK version 5.1.0-beta.9.
Upgrade to Vercel AI SDK version 6.0.0-beta.
Fix
RCE
Related Identifiers
Affected Products
Vercel Ai Sdk