{"id":"GHSA-rwvc-j5jr-mgvh","summary":"Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files","details":"A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.","aliases":["CVE-2025-48985"],"modified":"2026-02-04T03:37:17.708730Z","published":"2025-11-07T03:30:25Z","related":["CGA-qrxc-26qf-c7f4"],"database_specific":{"github_reviewed_at":"2025-11-07T17:39:01Z","github_reviewed":true,"nvd_published_at":"2025-11-07T01:15:36Z","cwe_ids":["CWE-20","CWE-682"],"severity":"LOW"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48985"},{"type":"WEB","url":"https://github.com/vercel/ai/issues/8881"},{"type":"WEB","url":"https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed"},{"type":"PACKAGE","url":"https://github.com/vercel/ai"},{"type":"WEB","url":"https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk"}],"affected":[{"package":{"name":"ai","ecosystem":"npm","purl":"pkg:npm/ai"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"5.0.52"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-rwvc-j5jr-mgvh/GHSA-rwvc-j5jr-mgvh.json"}},{"package":{"name":"ai","ecosystem":"npm","purl":"pkg:npm/ai"},"ranges":[{"type":"SEMVER","events":[{"introduced":"5.1.0-beta.0"},{"fixed":"5.1.0-beta.9"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-rwvc-j5jr-mgvh/GHSA-rwvc-j5jr-mgvh.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}