CVE-2025-63663
Improper Access Control in GT Edge AI Platform Files API
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gt_edge | ai_platform | 2.0.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-63663 is an incorrect access control vulnerability in the GT Edge AI Platform's API endpoint `/api/v1/conversations/*/files`. This flaw allows unauthorized remote attackers who have a valid user ID to access files uploaded by other users. Essentially, the system fails to properly restrict access to user-uploaded files, enabling attackers to bypass intended access controls and retrieve sensitive data belonging to others. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive information because attackers can access files uploaded by other users without permission. This can result in privacy breaches, data leaks, and potential misuse of confidential data, impacting user trust and possibly causing harm depending on the nature of the exposed files. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the API endpoint `/api/v1/conversations/*/files` with a valid user ID and checking if files belonging to other users are accessible without proper authorization. A practical approach is to use tools like curl or HTTP clients to send requests to this endpoint with different conversation IDs and observe if unauthorized files are returned. For example, a command like `curl -i -H "Authorization: Bearer <valid_token>" https://<target>/api/v1/conversations/<other_user_conversation_id>/files` can be used to test if access control is enforced properly. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the GT Edge AI Platform to version 2.0.10 or later, where this access control vulnerability has been fixed. Until the upgrade is applied, restrict access to the vulnerable API endpoint and monitor for suspicious access patterns. Additionally, review and tighten access control policies to ensure users cannot access files belonging to others. [1]