How to fix CVE-2025-48985?

During next maintenance window: Apply vendor patches when convenient. Verify input validation controls are in place.

Is Ai affected by CVE-2025-48985?

CVE-2025-48985 is a low-severity vulnerability involving input validation (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. A patch is available and can be applied during standard maintenance windows.

CVE-2025-48985

LOW

2025-11-07 [email protected]

Authentication Bypass Ai

3.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:20 vuln.today

Patch Released

Mar 28, 2026 - 19:20 nvd

Patch available

CVE Published

Nov 07, 2025 - 01:15 nvd

LOW 3.7

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

7 npm packages depend on ai (7 direct, 0 indirect)

Ecosystem-wide dependent count for version 5.1.0-beta.0.

DescriptionNVD

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.

More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk

AnalysisAI

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Technical ContextAI

This vulnerability is classified under CWE-20. A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk Affected products include: Vercel Ai.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-48985 vulnerability details – vuln.today

Back

CVE-2025-48985

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code