CVE-2025-63665
BaseFortify

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: MITRE

Description
An issue in GT Edge AI Platform versions before v2.0.10-dev allows attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window.
Meta Information
Published: 2025-12-19
Last Modified: 2025-12-19
Generated: 2026-05-07
AI Q&A: 2025-12-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor        Product     Version / Range
gt_edge_ai    platform    2.0.12
gt_edge_ai    platform    *
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-63665 is a vulnerability in GT Edge AI Platform versions before v2.0.12 that allows remote attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window, specifically the /chat module. The injected JSON is rendered by the application layer for a large language model (LLM) agent, which leads to execution of attacker-controlled code and leakage of sensitive information such as system prompts and previous chat history. This vulnerability is classified as CWE-94, indicating improper control of code generation. [2]


How can this vulnerability impact me?

This vulnerability can allow attackers to execute arbitrary code remotely on the affected system, potentially taking full control of the GT Edge AI Platform environment. Additionally, it can lead to leakage of sensitive information including system prompts and chat history, which may compromise confidentiality and integrity of data processed by the platform. [2]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the GT Edge AI Platform to version 2.0.12 or later, as versions prior to v2.0.12 are affected. Avoid injecting untrusted JSON payloads into the Prompt window, and restrict access to the /chat module to trusted users only. [2]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows attackers to execute arbitrary code and causes leakage of sensitive information such as system prompts and previous chat history. This information disclosure could lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data. Therefore, exploitation of this vulnerability may result in non-compliance with such standards due to unauthorized access and potential exposure of protected information. [2]

