VDB
CVE-2025-48985
CVE-2025-48985
PUBLISHED
CVSS 3.700000047683716 LOW
Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files
EPSS 0.08% · 23.1th percentile
Risk Scores
CVSS v3.1
3.700000047683716
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.08%
23.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| vercel | ai | 5.1.0, 5.1.0, 0 |
| npm | ai | 5.1.0-beta.0, 0 |
| Vercel | AI SDK | 5.1.0-beta.9, 5.1.0-beta.8, 6.0.0-beta.* |
Timeline
- Nov 7, 2025 CVE Published
- Nov 7, 2025 EPSS Score
- Nov 7, 2025 PoC Published
- Nov 7, 2025 PoC Published
- Nov 7, 2025 PoC Published
- Nov 11, 2025 PoC Published
- Nov 12, 2025 EPSS Score
- Nov 18, 2025 EPSS Score
- Nov 23, 2025 EPSS Score
- Nov 28, 2025 EPSS Score
- Dec 2, 2025 CVE Updated
- Dec 3, 2025 EPSS Score