CVE-2025-48985
published 2025-11-07

Priority: P4 28, medium
CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS: 0.24% (14.3th percentile)
A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

Affected

6 ranges
Vendor   Product   Version range                     Fixed in
drupal   ai        >= 0 < 5.0.52                     5.0.52
drupal   ai        >= 5.1.0-beta.0 < 5.1.0-beta.9    5.1.0-beta.9
vercel   ai        < 5.0.52                          5.0.52
vercel   ai
vercel   ai_sdk    5.0.51 – 5.0.51
vercel   ai_sdk    5.1.0-beta.8 – 5.1.0-beta.8