AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-63664: Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows un

highvulnerability

security

Source: NVD/CVE DatabaseDecember 22, 2025CVE-2025-63664

Summary

CVE-2025-63664 is a flaw in the GT Edge AI Platform (before version 2.0.10-dev) where incorrect access control in the /api/v1/conversations/*/messages API allows attackers without permission to view other users' message histories with AI agents. This is classified as improper access control (CWE-284, a category of security flaws where systems fail to properly restrict what users can access).

Solution / Mitigation

Update GT Edge AI Platform to version 2.0.10-dev or later.

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

confidentiality

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-284

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:53 PM

Classified by LLM (prompt v3) · confidence: 85%