CVE-2025-63665
BaseFortify

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: MITRE

Description
An issue in GT Edge AI Platform Versions before v2.0.10-dev allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window.
Meta Information
Published: 2025-12-19
Last Modified: 2025-12-19
Generated: 2026-06-16
AI Q&A: 2025-12-19
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs

Vendor        Product    Version / Range
gt_edge_ai    platform   2.0.12
gt_edge_ai    platform   *

CWE
CWE ID: CWE-94
Description: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Executive Summary

CVE-2025-63665 is a vulnerability in GT Edge AI Platform versions before v2.0.12 that allows remote attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window, specifically the /chat module. The injected JSON is rendered by the application layer for a large language model (LLM) agent, which leads to execution of attacker-controlled code and leakage of sensitive information such as system prompts and previous chat history. This vulnerability is classified as CWE-94, indicating improper control of code generation. [2]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary code remotely on the affected system, potentially taking full control of the GT Edge AI Platform environment. Additionally, it can lead to leakage of sensitive information including system prompts and chat history, which may compromise confidentiality and integrity of data processed by the platform. [2]

Mitigation Strategies

To mitigate this vulnerability, update the GT Edge AI Platform to version 2.0.12 or later, as versions prior to v2.0.12 are affected. Avoid injecting untrusted JSON payloads into the Prompt window, and restrict access to the /chat module to trusted users only. [2]

Compliance Impact

The vulnerability allows attackers to execute arbitrary code and causes leakage of sensitive information such as system prompts and previous chat history. This information disclosure could lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data. Therefore, exploitation of this vulnerability may result in non-compliance with such standards due to unauthorized access and potential exposure of protected information. [2]
