CVE-2025-63662
Insecure Permissions in GT Edge AI /api/v1/agents API
Publication date: 2025-12-22
Last updated on: 2025-12-23
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gt_edge | ai_platform | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-63662 is a vulnerability in the /api/v1/agents API of GT Edge AI Platform versions before v2.0.10-dev (and Community Edition before v2.0.12) where insecure permissions allow unauthorized remote attackers, once authenticated, to access sensitive information. This includes system prompts and other confidential data related to AI agents, leading to information disclosure and escalation of privileges. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized attackers to access sensitive and confidential information related to AI agents, such as system prompts. This can lead to information disclosure and escalation of privileges, potentially compromising the security and confidentiality of your system and data. [1]
What immediate steps should I take to mitigate this vulnerability?
Upgrade GT Edge AI Platform to version 2.0.12 or later, as versions prior to 2.0.12 contain the insecure permissions vulnerability in the /api/v1/agents API that allows unauthorized access to sensitive information. [1]