CVE-2025-63665

CRITICAL

GT Edge AI Community Edition < 2.0.12 - Remote Code Execution via Prompt Window JSON Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-63665. PoCs published by RichardMedlin.

AI-analyzed exploit summary: This repository contains a technical writeup describing a JSON injection vulnerability (CVE-2025-63665) in a chat component, allowing arbitrary code execution and information disclosure. The document references external sources for further details but does not include exploit code.

Description

An issue in GT Edge AI Community Edition versions before v2.0.12 allows attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window.

Exploits (1)

github WRITEUP
by RichardMedlin · poc
https://github.com/RichardMedlin/CVEs-Record-Keeping/tree/main/CVE-2025-63665


Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: unspecified chat component
No auth needed
Prerequisites: access to the /chat component · ability to inject crafted JSON payloads
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 9.8
EPSS 0.0043
EPSS Percentile 34.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-94
Status published
Products (1) gtedge/gt_edge_ai < 2.0.12
Published Dec 19, 2025
Tracked Since Feb 18, 2026