CNNVD-202511-823 Information
Nov 07, 2025
cve
CNNVD ID
CNNVD-202511-823
Related CVE
- CNNVD Published: 2025-11-07
Description (Chinese)
AI SDK是Vercel开源的一个TypeScript的AI工具包。 AI SDK 5.0.52版本、5.1.0-beta.9版本和6.0.0-beta版本存在安全漏洞,该漏洞源于用户可能绕过文件类型白名单上传文件。
Description (English)
AI SDK is a TypeScript ’ s AI toolkit from Vercel Open Source. There is a security loophole in AI SDK version 5.0.52, 5.1.0-beta.9 and 6.0.0-beta version, which stems from the possibility of the user bypassing the white list of file types.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Vercel
Published
2025-11-07
Last Modified
2026-02-24
References
https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed https://access.redhat.com/security/cve/cve-2025-48985
Patch
https://github.com/vercel/ai/releases
Share on: