PT-2025-45770 — Remote Code Execution in Npm Ai

PT-2025-45770 · Npm · Ai

Published

2025-11-07

Updated

2025-11-07

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-682

Related Identifiers

GHSA-RWVC-J5JR-MGVH

PT-2025-45770 · Npm · Ai

Weakness Enumeration

Related Identifiers

Affected Products

References · 6