CVE-2025-63664

HIGH

GT Edge AI Platform <2.0.10-dev - Info Disclosure

Title source: llm

Description

Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.

Exploits (1)

github WRITEUP

by RichardMedlin · poc

https://github.com/RichardMedlin/CVEs-Record-Keeping/tree/main/CVE-2025-63664

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://gist.github.com/p80n-sec/0a0a71a2190d5e6f8083bf6069e7b5f2

[Broken Link] https://github.com/p80n-sec/Vulnerability-Research/blob/main/Pending

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 17.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-284

Status published

Products (1)

gtedge/gt_edge_ai < 2.0.12

Published Dec 22, 2025

Tracked Since Feb 18, 2026