CVE-2025-48985: 
JavaScript vulnerability analysis and mitigation

A low-severity security vulnerability (CVE-2025-48985) was discovered in Vercel's AI SDK. The vulnerability affects versions prior to 5.0.52, 5.1.0-beta.9, and 6.0.0-beta, allowing users to bypass filetype whitelists when uploading files. The issue was discovered and disclosed on November 6, 2025 (Vercel Changelog).

The vulnerability exists in the convert-to-language-model-prompt.ts file within the prompt conversion pipeline. The issue occurs due to improper URL-to-data mapping that allows attackers to substitute arbitrary downloaded bytes for different supported URLs within the same prompt. The vulnerability has a CVSS v3.1 score of 3.7 (Low) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N. The core issue stems from a filtering operation that removes null entries for supported URLs, causing index misalignment between the downloadedFiles array and the original plannedDownloads array (Miggo).

When processing mixed supported and unsupported URLs, the vulnerability allows bytes from an unsupported URL to be mapped to a supported URL slot, enabling attackers to inject arbitrary content while bypassing URL-based trust and content validation mechanisms. This affects most methods that accept images or files as inputs, specifically the generateText() and streamText() functions, unless explicit data validation was implemented outside of the SDK (Vercel Changelog).

The vulnerability has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. The resolution involves mapping files before filtering out empty ones to retain the correct index. As a workaround, users can implement custom filetype validation logic outside of the SDK. All users are encouraged to upgrade to the latest version (Vercel Changelog).