{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T02:24:09.652","vulnerabilities":[{"cve":{"id":"CVE-2025-48985","sourceIdentifier":"support@hackerone.com","published":"2025-11-07T01:15:36.567","lastModified":"2026-02-04T21:11:11.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.\r\n\r\nMore details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk"}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.52","matchCriteriaId":"4A47352A-21CC-43DD-BBCB-64B24A03746D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:5.1.0:beta0:*:*:*:*:*:*","matchCriteriaId":"FDD78D08-7B1C-4405-8B34-8189DFCCB746"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:5.1.0:beta1:*:*:*:*:*:*","matchCriteriaId":"A1E07AF8-66E6-4039-9087-2DEC1B5952B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:5.1.0:beta2:*:*:*:*:*:*","matchCriteriaId":"AE57A66D-F2AC-48B6-A1EF-9583BD2AB9B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:5.1.0:beta3:*:*:*:*:*:*","matchCriteriaId":"3D89727F-B1B0-483F-9209-C8BC95CE4163"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:5.1.0:beta4:*:*:*:*:*:*","matchCriteriaId":"DF1C6D8C-2115-4C06-B2B0-C70350D0598D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:5.1.0:beta5:*:*:*:*:*:*","matchCriteriaId":"AE7D4CFF-AE7D-43F2-9092-FC1A12B2A3A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:5.1.0:beta6:*:*:*:*:*:*","matchCriteriaId":"4D71DE70-9F13-4EA5-A10B-E401A55BC1B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:5.1.0:beta7:*:*:*:*:*:*","matchCriteriaId":"573DE1B3-EEF1-4125-9986-13BA19D8BBC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ai:5.1.0:beta8:*:*:*:*:*:*","matchCriteriaId":"BC9D7BBB-05A3-407D-8B0E-30904B735BD1"}]}]}],"references":[{"url":"https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed","source":"support@hackerone.com","tags":["Patch"]},{"url":"https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk","source":"support@hackerone.com","tags":["Vendor Advisory"]}]}}]}