CVE-2025-48985: Vercel's AI SDK's filetype allowlists can be bypassed when uploading files
A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype allowlists when uploading files. All users are encouraged to upgrade.