CVE-2025-63663

HIGH

GT Edge AI Platform <v2.0.10 - Info Disclosure

Title source: llm

Description

Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.

Exploits (1)

github WRITEUP

by RichardMedlin · poc

https://github.com/RichardMedlin/CVEs-Record-Keeping/tree/main/CVE-2025-63663

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://gist.github.com/p80n-sec/f3ca933480157cb4e18c387d92f4d0c2

[Broken Link] https://github.com/p80n-sec/Vulnerability-Research/blob/main/Pending

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 17.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-284

Status published

Products (1)

gtedge/gt_edge_ai < 2.0.12

Published Dec 22, 2025

Tracked Since Feb 18, 2026